Wednesday, January 30, 2013

Broadcom UPnP Remote Preauth Root Code Execution Vulnerability


During the security evaluation of Cisco Linksys routers for a client, we have discovered a critical
security vulnerability that allows remote unauthenticated attacker to remotely execute arbitrary code
under root privileges.
Upon initial vulnerability announcement a few weeks ago Cisco spokesman stated that only one router
model is vulnerable - WRT54GL.
We have continued with our research and found that, in fact, same vulnerable firmware component
is also used in at least two other Cisco Linksys models - WRT54G3G and probably WRT310N.
Could be others.

Moreover, vulnerability turns out even more dangerous, since we have discovered that same vulnerable
firmware component is also used across many other big-brand router manufacturers and many
smaller vendors.

Vulnerability itself is located in Broadcom UPnP stack, which is used by many router manufacturers
that produce or produced routers based on Broadcom chipset.
We have contacted them with vulnerability details and we expect patches soon.
However, we would like to point out that we have sent more than 200 e-mails to various router
manufacturers and various people, without much success.

Some of the manufacturers contacted regarding this vulnerability are:
- Broadcom
- Asus
- Cisco
- TP-Link
- Zyxel
- D-Link
- Netgear
- US Robotics
- and so on.

Full vulnerability description is available here:
http://www.defensecode.com/subcategory/advisories-28

Regards,
Leon Juranic
CEO
Posted by at

86 comments:

  2. We're really sorry. But you'll have to do it by yourself. :)

    ReplyDelete

  4. This comment has been removed by the author.

    ReplyDelete


  8. Certain, it'd be wonderful to gain a sound estimations of Vitapulse , PQQ, and CoQ10 from true blue meals step by step, regardless, the actuality may it have the capacity to be can be altogether hard to totally hold quick to a reliably thin down method that licenses you to get satisfactory of those fragments into the body whilst in like manner keep away from dinners which have unfavorable flourishing proposals.

    Different normal dinners resources of CoQ10, NAC, and PQQ similarly strike get the chance to be higher calorie meals that join higher extents of drenched muscle to fat remainders, that are unfathomably poor for the heart flourishing paying little notice to the give of CoQ10, NAC, and PQQ these dinners offer.

    CoQ10:

    For instance, CoQ10 is routinely present in higher obsessions in meals this kind of as liver, kidney, heart, ground sirloin sandwich, sardines, and mackerel – yet eating up these dinners may trigger other whole deal thriving issues. People who recognize consuming a great deal of veggies on the reliably foundations could get CoQ10 in spinach, broccoli, cauliflower, and vegetables.

    ReplyDelete

  9. packers and movers in pune
    packers and movers in noida
    Packers and movers in delhi@
    http://www.verified5.co.in/packers-and-movers-delhi/
    Packers and movers in gurgaon@
    http://www.verified5.co.in/packers-and-movers-gurgaon/
    Packers and movers in pune@
    http://www.verified5.co.in/packers-and-movers-pune/
    Packers and movers in ghaziabad@
    http://www.verified5.co.in/packers-and-movers-ghaziabad/
    Packers and movers in faridabad@
    http://www.verified5.co.in/packers-and-movers-faridabad/
    Packers and movers in hyderabad@
    http://www.verified5.co.in/packers-and-movers-hyderabad/
    Packers and movers in trivandrum@
    http://www.verified5.co.in/packers-and-movers-trivandrum/
    Packers and movers in noida@
    http://www.verified5.co.in/packers-and-movers-noida/

    ReplyDelete

  10. Packers and movers in delhi@
    http://www.thepackersmoversdelhi.com

    ReplyDelete

  13. packers and movers in india@
    https://quicksoluction.com/
    packers and movers in delhi@
    http://quicksoluction.com/packers-and-movers-in-delhi.html
    packers and movers in mumbai@
    http://quicksoluction.com/packers-and-movers-in-mumbai.html
    packers and movers in pune@
    http://quicksoluction.com/packers-and-movers-in-pune.html
    packers amd movers in gurgaon@
    http://quicksoluction.com/packers-and-movers-in-gurgaon.html

    ReplyDelete

  14. Henna tattoo mehndi designs designs are gaining significant popularity for a lot of reasons. Among their other benefits, these beautiful tattoos also enables you to "test drive" your favorite design before permanently inking arf player it of your body.

    ReplyDelete

  15. Also, using henna z4root apk allows that alter the actual art easily and frequently if you wish to! If you are not absolutely certain about the tattoo you are considering, try it as a henna how to perform wudu tattoo first and provide it a whirl good night messages for girlfriend!

    ReplyDelete

  17. I must say you had done a tremendous job,I appreciate all your efforts.Thanks alot for your writings......Waiting for a new 1...Please visit our wonderful and valuable website:
    Packers And Movers in Bangalore charges
    Packers And Movers in Bangalore to Hyderabad

    ReplyDelete

  18. The primary choice is to realize that sap fiori prior doesn't define you. What is happening has happened. If you got fired, dumped, divorced, bankrupt, injured, sick, or born into a family of whackos, do you know what

    ReplyDelete

  20. Second, give your customers a low. People online shopping apps love free! Giving something free will generate lots of talk regarding company as well as the word regarding company will spread to be a virus.

    ReplyDelete

  21. Packers Movers in Chandigarh
    http://www.fastsoluction.com

    ReplyDelete

  22. really a very nice blog i really appreciate all your efforts thank you so much for sharing this valuble information with all of us.
    Packers And Movers Gurgaon
    Packers And Movers In Gurgaon charges

    ReplyDelete

  23. We Provide Best Packers And Movers Gurgaon List for Get Free Best Quotes, Compare Charges,
    Save Money And Time, Household Shifting Services @ http://packers-and-movers-gurgaon.in/
    Packers And Movers Bangalore to hyderabad

    ReplyDelete

  26. An excellent information provided thanks for all the information
    visit here : Packers And Movers Bangalore to hyderabad

    ReplyDelete

  27. There's a lot of interesting info here! I'm very grateful for the post! movers and packers chennai is here to make your life simpler
    Packers And Movers Bangalore charges

    ReplyDelete

  31. by Melanie Spring Your To-Do List can be unruly if you don't get it organized. If you've finally figured out an order to your list, make sure you. best to do list app

    ReplyDelete

  32. You want top search engine ranking! In pursuit of that, you are making tons of buy backlinks Check this 15 Places to Buy Backlinks.

    ReplyDelete

  33. The common 'teeth falling out' dream can haunt us for days! Read this in-depth guide & learn teeth falling out dream how to interpret and analyze dreams about teeth ...

    ReplyDelete

  34. Packers And Movers Kolkata is recognized as a business manager providing wide-ranging and differentiate service appearance as well as Relocation Shifting, Logistics and Transportation, Facilities managing, strategy & Designing services.Packers and Movers Kolkata

    ReplyDelete

  37. I loved this one. It has given me courage to try scarier things. I tend to steer clear of them but not anymore.Packers And Movers Jaipur

    ReplyDelete

  38. This comment has been removed by the author.

    ReplyDelete

  41. I love this picture! Thanks for posting @SABTVSeries! ... your smile makes me smile. thanks for being a constant light in my life all my love.
    new websites for you

    ReplyDelete

  42. I would like to thank you for sharing a very good article it is very much appreciated, good job!
    visit us

    ReplyDelete

  43. Really a great addition. I have read this marvelous post. Thanks for sharing information about it.
    visit us

    ReplyDelete

  44. visit
    Thanks for sharing nice information with us.

    ReplyDelete

  45. I need to to thank you for this good read!! I certainly loved every bit of it. packers and movers in kondapur movers and packers in hitech city

    ReplyDelete

  46. I am very happy to read this article.Thanks for sharing!
    visit us

    ReplyDelete

  47. visit website
    thank you so much for this nice Post.
    I really enjoyed.

    ReplyDelete

  48. This is very interesting.The post is written in very a good manner.Thank you for sharing!
    visit us

    ReplyDelete

  49. good article it is very much appreciated, good job! for more information visit us.
    visit us

    ReplyDelete

  50. visit website
    thank you so much for this nice Post.
    I really enjoyed

    ReplyDelete

  51. I am very happy to read this article.Thanks for sharing!
    visit us

    ReplyDelete

  52. I would like to thank you for sharing a very good article
    visit us

    ReplyDelete


  53. click here
    Absolutely wonderful post! What a perfect concept. Thank you

    ReplyDelete

  54. The post is written in very a good manner.Thank you for sharing!
    visit us

    ReplyDelete

  55. The post is written in very a good manner.Thank you for sharing!
    visit us

    ReplyDelete

  56. here
    i like your post and all you share with us is uptodate and quite informative. Thank you

    ReplyDelete

  57. click here
    Absolutely wonderful post! What a perfect concept. Thank you

    ReplyDelete

  58. click here
    Absolutely wonderful post! What a perfect concept. Thank you

    ReplyDelete

  59. visit website
    thank you so much for this nice Post.
    I really enjoyed

    ReplyDelete

  60. Hey There. I found your blog using msn. This is a very well written article. I will be sure to bookmark it and return to read more of your useful information. Thanks for the post. I will certainly return. click to read

    ReplyDelete

  61. I am curious to find out what blog system you�re utilizing? I�m experiencing some minor security problems with my latest website and I�d like to find address

    ReplyDelete

  62. Neat blog! Is your theme custom made or did you download it from somewhere? A theme like yours with a few simple adjustements would really make my blog shine. Please let me know where you got your theme. Thanks a lot read review

    ReplyDelete

  63. visit website
    thank you so much for this nice Post.
    I really enjoyed

    ReplyDelete

  64. When I originally commented I clicked the -Notify me when new comments are added- checkbox now every time a comment is added I am four emails using the same comment. Is there in any manner you may eliminate me from that service? Thanks! webpage

    ReplyDelete

  65. I�m curious to find out what blog platform you happen to be utilizing? I�m experiencing some small security issues with my latest website and I�d like to find something more secure. Do you have any recommendations? other

    ReplyDelete

  66. If you really want you can look the other way and not talk about it. The best thing you can do is become relevant with yourself and faithful with your own morals. Generally this will lead to a mistaken and unproductive life. pop over here

    ReplyDelete

  67. I discovered your blog site on google and check several of your early posts. Always maintain on the great operate. I extra increase your RSS feed to my MSN News Reader. Seeking forward to reading much more within you down the line!� learn the facts here now

    ReplyDelete

  68. Spot on with this write-up, I really suppose this website needs much more consideration. I�ll in all probability be again to learn much more, thanks for that info. [Reply] their website

    ReplyDelete

  69. Youre so cool! I dont suppose Ive read anything like this just before. So nice to get somebody with original ideas on this subject. realy thanks for starting this up. this amazing site is one thing that is needed on the internet, a person with a little originality. helpful project for bringing something totally new to your world wide web! i thought about this

    ReplyDelete

  70. Its nice Thank you so much for this article i really really appreciate this article people also like this event
    z4root

    ReplyDelete

  71. Hey, just looking around some blogs, seems a pretty nice platform you are using. I�m currently using WordPress for a few of my sites but looking to change one particular of them over to a platform similar to yours as a trial run. Anything in particular you would recommend about it? website link

    ReplyDelete

  72. Salam kenal dari saya, terima kasih untuk postingan tentang broadcom upnp.

    sekarang saatnya anda membuka mata anda tentang sekitar anda. banyak sudah kemajuan yang begitu cepat dan tak terasa. salah satunya adalah smartphone yang begitu menggila sampai ke pelosok desa. semua orang menggunakan smartphone dengan berbagai macam aplikasi di dalamnya.

    Dunia Gadget tentu tidak lepas dari aplikasi itu sendiri, dengan adanya gadget maka aplikasipun semakin menjamur. banyak aplikasi yang bisa di dapat dengan gratis dan sangat mudha.

    Jika kita perhatikan, saat ini begitu cepatnya perkembangan software maupun aplikasi. tak terkecuali aplikasi android yang saat ini menjadi OS smartphone paling banyak di gunakan di dunia.

    Selfie saat ini menjadi kegiatan yang sangat banyak di sukai tak hanya anak muda bahkan anak-anak dan orang dewasa pun menyukai selfie. biasanya mereka juga menginstal Aplikasi edit foto terbaik untuk mempercantik gambar / foto di smartphone mereka. aplikasi-aplikasi foto tersebut bisa di dapat dari internet dengan gratis dan cepat.

    Beberapa aplikasi terkenal untuk fotografi mobile antara lain Snapchat, Instagram, dan Yahoo Flickr. Sementara itu, aplikasi kamera bawaan dari Android, Apple, dan Microsoft terus meningkat kualitasnya dengan pembaruan perangkat lunak (software update).

    Namun, semua itu belum lengkap tanpa kehadiran aplikasi edit foto terbaru. Setidaknya, ada lima (5) aplikasi edit foto ‘kekinian’ yang patut dicoba karena kualitas editing-nya patut diperhitungkan. Apa saja? Berikut rangkumannya.

    Terima kasih, dan selamat bersenang-sedang.

    ReplyDelete

  73. a pride for me to be able to discuss on a quality website because I just learned to make an article on
    cara menggugurkan kandungan

    ReplyDelete

  74. You will notice that web sites that take part in a sponsored link that the ads get put into rotation. I have done mytatasky recharge using mytatasky coupons available in shopozo.

    ReplyDelete

  75. Once the number of curl already been obtained, rinse the hair thoroughly with large numbers of warm water for a minimum of three units mehndi designs.

    ReplyDelete

  76. I also believe that we have the duty to season our words with fresh amount of "salt" as a way to be sincere in our communication with others. Dont forget to check hercules roadeo page in Shopozo for getting extra cashback

    ReplyDelete

  81. This comment has been removed by the author.

    ReplyDelete

  82. Contact QuickBooks Payroll Phone Number 1888-567-1159 for instant help & other QuickBooks payroll service, We’re available 24x7 for any QuickBooks Payroll Phone Number

    ReplyDelete

  83. This comment has been removed by the author.

    ReplyDelete

  84. QuickBooks Contact number is all about getting the best help from QuickBooks Tech Support Phone Number This is a Toll Free Number. It is 24/7 Support Number. QuickBooks Customer Service gives the Excellent Tech Support. Best QB Experts are here to solve your issues. Call on our Helpline Number +1-888-396-0208.

    ReplyDelete

  86. Are you looking for QuickBooks Payroll Service Number ?
    QuickBooks Payroll Service Number for Intuit help desk is 1888-567-1159. QuickBooks Data Recovery. Call us today at 1888-567-1159 for QuickBooks upgrades, updates, company file repair and data recovery services.VISIT https://www.qbpayrollsupport.com/

    ReplyDelete

Subscribe to: Post Comments (Atom)