Friday, January 11, 2013

DefenseCode Security Advisory (UPCOMING): Cisco Linksys Remote Preauth 0day Root Exploit

Story behind the vulnerability...

Months ago, we contacted Cisco about a remote preauth (root access) vulnerability
in the default installation of their Linksys routers that we discovered. We gave them
a detailed vulnerability description along with the PoC exploit for the vulnerability.

They said that this vulnerability was already fixed in the latest firmware release...
Well, not this particular vulnerability, since the latest official Linksys firmware -
4.30.14, and all previous versions are still vulnerable.

The exploit shown in this video has been tested on Cisco Linksys WRT54GL, but other
Linksys versions/models are probably also affected.
Cisco Linksys is a very popular router with more than 70,000,000 routers sold.
That's why we think that this vulnerability deserves attention.

According to our vulnerability disclosure policy, the vulnerability details will be
disclosed in the following 2 weeks on http://www.defensecode.com/ , BugTraq and
Full Disclosure.
Due to the severity of this vulnerability, once again we would like to urge Cisco
to fix this vulnerability.

The vulnerability is demonstrated in the following video:

Kind Regards,
DefenseCode

13 comments:

  1. Thanks for doing this valuable research. I hope you will also think of the free software community and help them too by verifying if these issues are applicable to other firmware such as OpenWRT, DD-WRT and Tomato when you fully disclose.

  6. It is really sad that there is not really a safe system if we are on the internet. We are always prone to vulnerabilities. If great minds behind hacking systems are so sure that they cannot be traced they will likely just stay in their home and not hide underground.

    Scott Porter (stamped concrete)
