Thursday, January 17, 2013

DefenseCode Security Advisory (UPCOMING): Cisco Linksys Remote Preauth 0day Root Exploit Follow-Up

Starting a few hours ago, we began a quick analysis as to how many Linksys models might be vulnerable.
From what we can tell so far, at least one other (not just the WRT54GL) Linksys model is probably vulnerable.

Moreover, during the analysis we discovered clues that network devices from other manufacturers might
also contain the same vulnerability. We are still investigating.

Regarding the Cisco case, we are looking forward to the vulnerability fix. In the meantime, we have again approached them about a few other potential vulnerabilities in the Linksys equipment.


Regards,
Leon Juranic
CEO
DefenseCode
http://www.defensecode.com/

2 comments:

  1. Did you try Tomato or any of the alternative firmwares used on the WRT54Gv4, and WRT54GL? I second what Edward commented on in your other post. Please consider testing the alternative firmwares for whatever vulnerability you have discovered. Also, you say that you are looking forward to the vulnerability fix. Has Cisco indicated they will fix the problem(s) you reported and in what timeframe? Thanks

    ReplyDelete
  2. Some services on the WRT54GL rely on software components originating from Broadcom. Some of these components are also used by alternative firmwares (DD-WRT, OpenWRT, FreeWRT, Tomato, ...) and by other manufacturers (e.g., Asus, Netgear, Belkin).

    ReplyDelete