Hello,
It's been a while since our last post.
We have been working hard on improving our flagship products - ThunderScan Source Code Security Analyzer SAST and Web Security Scanner DAST solution.
We are pleased to say that there are brand new versions of both products ready for use.
For more details, check out our website: http://www.defensecode.com/
Regards,
Leon Juranic
Tuesday, March 21, 2017
Wednesday, June 25, 2014
Back To The Future: Unix Wildcards Gone Wild
Hi,
We wanted to inform all major *nix distributions via our responsible
disclosure policy about this problem before posting it, because it is
highly likely that this problem could lead to local root access on many
distributions. But, since part of this research contained in the document
was mentioned on some blog entries, we are forced to release it in a
full version.
Download URL:
http://www.defensecode.com/public/DefenseCode_Unix_WildCards_Gone_Wild.txt
Regards,
Leon Juranic
Wednesday, February 6, 2013
First public patch for Broadcom UPnP vulnerability
First public patch for Broadcom UPnP vulnerability from TP-Link.
From: http://forum.tp-link.com/showthread.php?2252-Fixed-a-critical-vulnerability-issue-related-to-UPnP
Fixed a critical vulnerability issue related to UPnP
Model : TD-W8960N
Hardware Version : V4
Following the release this week of a research paper from security firm
Rapid7 describing vulnerabilities in the widely used Intel/Portable UPnP SDK and MiniUPnP SDK stacks, security researchers from DefenseCode announced that they identified a critical vulnerability in a separate UPnP stack developed by Broadcom and used in devices with Broadcom chipsets, including one device from TP-LINK, the TD-W8960N.
http://www.defensecode.com/public/De...y_Advisory.pdf
Being aware of the urgency of this issue, our R&D solved it immediately and released a beta Firmware for the customers who are worried about this problem to download.
You can find this beta Firmware here:
http://www.tp-link.com/en/support/do...rsion=V4#tbl_j
At the end of February, we will release the official FW, solving the UPnP Vulnerability of TD-W8960N.
Regards,
DefenseCode
DefenseCode Security Advisory: Cisco Linksys Remote Preauth 0day Root Exploit Follow-Up
A few weeks ago, we announced a remote preauth root access exploit for
Cisco Linksys (http://www.youtube.com/watch?v=cv-MbL7KFKE).
Vulnerability details were disclosed here:
http://www.defensecode.com/public/DefenseCode_Broadcom_Security_Advisory.pdf
During further research, we discovered that other router
manufacturers are also affected by the same vulnerability, since the
vulnerable Broadcom UPnP stack is used across multiple router vendors.
According to data from Rapid7, out of 80 million routers discovered
during data gathering on the internet, ~15 million had Broadcom UPnP.
More info is available here:
http://information.rapid7.com/upnp-webcast-video-page.html
Below is a partial list of other vulnerable router manufacturers and
models. Thanks to HD Moore of Rapid7 for the data.
Regards,
Leon Juranic
CEO
DefenseCode
http://www.defensecode.com/
3Com
- ADSL Wireless Router
- Broadcom ADSL Router
- Internet Gateway Device
Actiontec
- GT784WN
- xDSL Router
- Broadcom ADSL Router
- DSL Modem implementing Qwest TR-064 v1.0 specification
- DSL Modem implementing TR-064 v1.0 specification
Actiontec Electronics
- Actiontec xDSL Router
- Verizon ADSL Router
ADBB
- DSL Router
ADB Broadband
- ADB ADSL Router
- Broadcom ADSL Router
ADB Broadband S.p.A.
- ADB ADSL Router
ADB Broadband S.p.A
- HomeStation ADSL Router
ADSL2+ Router
- ADSL2/2+ Modem Router
- ADSLRouter
ALBIS
- Router VLR-4300-I
Allied Telesis K.K.
- CG-BARFX3
Alpha
- ADSL Router
- DLink ADSL Router
- Sky ADSL Router
Alvarion
- Residential Gateway
ASB
- ADSL Router
- Alcatel-EG692HW Internet Sharing Gateway
- ChinaTelecom E8C(EPON) Gateway
- Home Gateway
Askey
- ADSL2+ Router
- ADSL Router
Askey Computer Corp.
- Wireless ADSL2+ Router
ASUS
- Wireless Router
ASUSTek
- ASUS ADSL Router
- ASUS Wireless Harddisk Drive
- ASUS Wireless Router
ASUSTek Computer Inc.
- ASUS Wireless Router
- Residential Gateway Device
- WL-500gPV2
- WL-500gP V2
- WL-520GU
- WL700gE
BEC_8800N
- BEC 8800N
BEC Technologies Inc.
- BEC 7800TN R2
- Broadcom ADSL Router
Belkin
- ADSL Router
- F5D8232-4 v1000
- N1 ADSL Router
- Wireless ADSL Router
- BoB
- iiNet BoB
- Wireless ADSL Router
Bellmann
- Broadcom ADSL Router
Billion
- BiPAC 7700N
- BiPAC 7700N R2
Billion Electric Co., Ltd.
- ADSL2+ Firewall Router
- BiPAC 7800VDOX
- BiPAC 7800VDPX
- home.gateway
Billion Electric Co.,Ltd.
- home.gateway
Billion Electric Co, PC Range Pty Ltd.
- home.gateway
BM
- ChinaTelecom E8C(EPON) Gateway
Broadcom
- 3G Router
- Actiontec GT784WN
- Actiontec xDSL Router
- ADSL2+ 11n WiFi CPE
- ADSL2/2+ Modem Router
- ADSL Router
- ADSL Router
- ChinaTelecom E8 ADSL Router
- D-link ADSL Router
- D-Link ADSL Router
- DLink ADSL Router
- D-Link DSL-2640B
- D-Link DSL-2641B
- D-Link DSL-500B
- DSL2740B ADSL Router
- DSL Router
- HomeStation ADSL Router
- PHILEAS-WORLD
- PTCL ADSL Router
- Residential Gateway Device
- SemIndia Systems ADSL2Plus Router
- STOREX
- WL700g
- Zoom ADSL Router
BT
- Voyager 2091
- Voyager 220V
- Voyager 2091
- Voyager 2110
- Voyager 220V
- Voyager 2500V
Careca
- HRDSL108W 108M Wireless ADSL2+ router
CATCH-TEC
- ADSL2/2+ Modem Router
CDC POINT S.P.A
- ADSL2/2+ Modem Router
ChinaTelecom
- ASB Home Gateway
China Telecom
- ChinaNet EPON Router
- E8C(EPON) Gateway
- E8C Gateway
- Navigator 1-2 Gateway
Cisco Systems,Inc.
- Cisco ADSL Router
ClearAccess
- Broadcom ADSL Router
- D-Link DSL-2730B
Comtrend
- AR-5383n
- Broadcom ADSL Router
- single-chip ADSL router
- WAP-5850g
- Netcomm ADSL2+/3G Wi-Fi Router
Corega
- CG-BARMX2
- CG-WLBARAGM
Danalink
- Dynalink ADSL Router
- Dynalink Wireless ADSL2+ Router
DARE
- DareGlobal Home Gateway
Dare
- Router
Dare Inc.
- Dare ADSL2+ Modem/Wireless Router
DCOM
- ADSL Router
DGT
- VDSL Router
Digicom
- ADSL Router
Digital Data Communications, Inc
- FBR-1461A ADSL2+ Modem Router(X.X.X.X)
- FBR-1461 ADSL2+ Modem Router (X.X.X.X)
DIGITUS
- Internet Gateway Device
DIT
- Gateway
D-Link
- ADSL MODEM
D-link
- ADSL Router
D-LINK
- ADSL Router
DLink
- Alpha ADSL Router
D-Link Corporation.
- D-Link D-LinkDSL-2640B
- D-Link DSL-2640B
- D-LinkDSL-2640B
- D-LinkDSL-2641B
- D-Link DSL-2740B
- D-LinkDSL-2740B
- D-Link DSL-2740U
- D-Link DSL-2741B
- D-LinkDSL-2741B
- D-Link DSL-2750B
- D-LinkDSL-2750B
D-Link Corporation
- D-Link DSL6740U
- DSL-2640B
- DSL2740B
- DSL-2740B
- DSL-2740B Adsl Router
- DSL-2740B Adsl Router
- DSL-2740U Adsl Router
- DSL-2741B
- DSL-2741B Adsl Router
- DSL2750B
- DVA-G3670B Adsl Router
Dlink
- ADSL router
- ADSL Router
- D-Link ADSL Router
- ADSL Router
- DLink ADSL Router
- ADSL Router
- DSL-2500U
- DSL-2542B
- DSL-2640B
- DSL-2640U
- DSL-2730B
- D-Link DSL-2730B
- DSL2730U
- DSL-2730U
- DSL-2740EL
- DSL2750U
- DSL-2750U
- D-Link DSL-526B
- DSL-526B
- Router
- D-Link VDSL Router
- Wireless Router
- DSL-2542B
- DSL-2640B
- DSL-2640BT
- DSL-2640U
- DSL-2740B
- DSL-526B
- DSL-526B
- DSL-526B
- DVA-G3672B-LTT Networks ADSL Router
- DVA-G3672B Networks ADSL Router
DQ
- ADSL Router
DQ Technology, Inc.
- ADSL2+ 11n WiFi CPE
- ADSL2+ CPE
- DSL-2542BNetworksADSLRouter
- DSL-2642BNetworksADSLRouter
- DSL-2730BNetworksADSLRouter
- DSL-2730UNetworksADSLRouter
DSL
- ARouter
- DSLRouter
- TW ARouter
Dynalink
- ADSL2+ Router
- ADSL2+ Wireless Modem Router
- Wireless ADSL2+ Router
ENKOM
- AMIS Router
FAMNET
- ADSL Router
FiberHome
- ADSL Router
- Broadcom ADSL Router
Glitel
- Broadcom ADSL Router
gmesh
- ADSL Router
huaqin
- HGU421 Router
- HGU421 v3 Router
Huawei-3Com
- BR204+
Huawei
- Echolife ADSL Router
- EchoLife Home Gateway
- HG227
- ADSL Router
- Residential Gateway Device
Huawei Technologies Co., Ltd
- EchoLife HG520
iBall Baton
- 150M Wireless-N ADSL2+ Router
iiNet
- BoB2
- BoBLite
Innoband
- DSL Router
Inteno
- Broadcom ADSL Router
- DSL Router
- Residential Gateway
Intercross
- Broadcom ADSL Router
- InternetGatewayDevice
IskraTEL
- Broadcom ADSL Router
ITI Ltd.
- ITI ADSL2+ Modem/Wireless Router
- ITI Ltd.ADSL2Plus Modem/Router
KÖNIG
- ADSL2/2+ Modem Router
- ADSL2/2+ Modem Router
Kunhar Peripherals Pvt Ltd
- 54M Wireless ADSL2+ router
LevelOne
- FBR-1461B
Linksys by Cisco
- Linksys WRT54G
- Linksys WRT54GL
Linksys Inc.
- DD-WRT Router (X.X.X.X)
- Linksys MA568243
- Linksys ma890673
- Linksys WRT150N
- Linksys WRT54GL
- Linksys WRT54GS-PC
- Linksys wrt54gs v4
- Linksys WRT54GS (X.X.X.X)
- Residential Gateway Device
Linksys
- Internet Gateway Device
- Wireless Router
MAXON
- Residential Gateway Device
MEDIACOM Wireless-N ADSL2+ Router
- ADSL2+ Router
Micronet Communications Inc.
- Micronet WLAN ADSL2+ Modem Router
Micro-Star International
- Residential Gateway Device
Minitar Corporation
- Residential Gateway Device
Motorola
- Residential Gateway Device
NB
- DSL-2740B
NetComm
- Broadcom ADSL Router
NetComm Limited
- NetComm ADSL2+ Router
- NetComm ADSL2+ Wireless Router
- 11n Wireless ADSL2+ Router
- 11n Wireless ADSL Router
- Netcomm ADSL2+/3G Wi-Fi Router
- ADSL2+ Router
- ADSL2+ Wireless Router
- NB6 ADSL2+ Router
- NB6Plus4W ADSL2+ Wireless Modem Router
- NB6PLUS4W Wireless ADSL2+ Router
- NB6W Wireless ADSL2+ Router
- WiFi Data and VoIP Gateway
NetComm Wireless Limited
- NetComm ADSL2+ Router
- NetComm ADSL2+ Wireless Router
Netgear
- Broadcom ADSL Router
- ADSL2+ Router
- ADSL Router
- RP614v4
Neuf Telecom
- Trio4
NewMedia-NET GmbH
- DD-WRT Router (X.X.X.X)
OPTICOM
- DSLink 279
Orcon
- Genius
- GeniusLite
- Orcon
- P-660HN-51
PENTAGRAM
- home.gateway
PhoebeMicro
- Internet Gateway Device
Pirelli
- ADSL Router
Pirelli Broadband Solutions
- HomeStation ADSL Router
PLANET
- ADN-4000
Planex
- BLW-54CW
- Internet Gateway Device
QTECH
-
- Broadcom ADSL Router
- QTECH
- Residential Gateway
- ResidentialGatewayDevice
ROTAL
- Wireless ADSL2+ Router
Router
- ADSL Router
- Router
Sagem
- AFAQ DSL SHAMEL ROUTER
Sagemcom
- ADSL Router
- ADSL Router
SemIndia Systems Private Ltd.
- SemIndia ADSL2Plus Modem/Router
SemIndia Systems Pvt. Ltd.
- SemIndia Systems ADSL2Plus Modem Router
- SemIndia Systems ADSL2Plus Modem/Wireless Router
SIEMENS
- alice.box
Siemens
- ADSL SL2-141
- ADSL SL2-141-I
- Gigaset SE515B
- SL2-141-I
SimpleTech
- OdenShare
- SimpleShare
Sinus
- 1054 DSL
SmartLink
- ADSL Router
Sparklan
- Internet Gateway Device
Speedport
- 500V
- W 500V
Starbridge Networks
- Broadcom ADSL Router
Star-Net
- Broadcom ADSL Router
STAR-NET
- Broadcom ADSL Router
Sveasoft Inc.
- Residential Gateway Device
TARGA WR 500 VoIP
- TARGA WR 500 VoIP
Tecom
- DSL Router
TeleWell Oy (http://www.telewell.fi)
- TeleWell.gateway
Telsey
- ADSL Router
TELUS
- VSG1432
Tenda
- ADSL2/2+ Modem Router
Tenda/Imex
- W150D
Tenda/lmex
- ADSL2+ Ethernet Modem Router
- ADSL Router
- Gateway
TOPTRONICS
- ADSL Router
TP-LINK
- ADSL Router
- 54M Wireless ADSL2+ router
- ADSL2+ Modem Router
- ADSL2+ Router
- ADSL2+ Router Modem
- ADSL Router
- Wireless ADSL2+ Modem Router
- Wireless ADSL2+ router
- Wireless ADSL2+ Router
- Wireless N ADSL2+ Modem Router TD-W8960N
U.S. Robotics Corporation
- Internet Gateway Device
U.S. Robotics
- USRobotics ADSL2+ Router
- ADSL 4 Port Router
- ADSL 4-Port Router
- USR8561
UTStarcom Inc.
- UTStarcom ADSL2+ Modem Router
UTstarcom Inc.
- UTstarcom ADSL2+ Modem/Wireless Router
- UTStarcom ADSL2+ Modem/Wireless Router
- VSG1432-B101
- VSG1435-B101
WIN
- eNet660S
WorldNet
- ADSL Router
XAVi
- DSL Router
Zhone Technologies.
- UPnP v1.0
Zhone
- Gateway
- Wireless Gateway
ZISA
- ADSL Router
ZTE
- ADSL Router
- Broadcom ADSL Router
ZTE Corporation
- ZXDSL 931 Series Device
- Home Gateway
- ZXDSL 531B
ZyXEL Communication Crop.
- P-870H-51A V2 UPnP
- P-870H-51b UPnP
- P-870H-53A V2 UPnP
- P-870HN-51b UPnP
- P-870HN-51D UPnP
- P-870HN-53b UPnP
- P-870HNU-51b
- VSG1435-B101
- Wireless Broadband Router
- ZyXEL UPnP v1.0
ZyXEL
- P-660HN-51
- P-870HN-53b
- P-873HNU-51B
- P-873HNUP-51B
- Qwest TR-064 v1.0
- VMG1312-B30A
- VSG1432-B101
- VSG1435-B101
- ADSL Router
- TR64 Router
- UPnP Router
- VDSL Router
ZYXEL
- ZyXEL VDSL Router
- xDSL Router
Wednesday, January 30, 2013
Broadcom UPnP Remote Preauth Root Code Execution Vulnerability
During the security evaluation of Cisco Linksys routers for a client, we discovered a critical
security vulnerability that allows a remote unauthenticated attacker to execute arbitrary code
with root privileges.
Upon the initial vulnerability announcement a few weeks ago, a Cisco spokesman stated that only one router
model is vulnerable - WRT54GL.
We have continued our research and found that, in fact, the same vulnerable firmware component
is also used in at least two other Cisco Linksys models - WRT54G3G and probably WRT310N.
There could be others.
Moreover, the vulnerability turns out to be even more dangerous, since we have discovered that the same vulnerable
firmware component is also used by many other big-brand router manufacturers and many
smaller vendors.
The vulnerability itself is located in the Broadcom UPnP stack, which is used by many router manufacturers
that produce or have produced routers based on the Broadcom chipset.
We have contacted them with vulnerability details and we expect patches soon.
However, we would like to point out that we have sent more than 200 e-mails to various router
manufacturers and various people, without much success.
Some of the manufacturers contacted regarding this vulnerability are:
- Broadcom
- Asus
- Cisco
- TP-Link
- Zyxel
- D-Link
- Netgear
- US Robotics
- and so on.
The full vulnerability description is available here:
http://www.defensecode.com/subcategory/advisories-28
Regards,
Leon Juranic
CEO
Thursday, January 17, 2013
DefenseCode Security Advisory (UPCOMING): Cisco Linksys Remote Preauth 0day Root Exploit Follow-Up
Starting a few hours ago, we began a quick analysis as to how many
Linksys models might be vulnerable.
From what we can tell so far, at least one other (not just the WRT54GL) Linksys model is probably vulnerable.
Moreover, during the analysis we discovered clues that network devices from other manufacturers might
also contain the same vulnerability. We are still investigating.
Regarding the Cisco case, we are looking forward to the vulnerability fix. In the meantime, we have again approached them about a few other potential vulnerabilities in the Linksys equipment.
Regards,
Leon Juranic
CEO
DefenseCode
http://www.defensecode.com/
Friday, January 11, 2013
DefenseCode Security Advisory (UPCOMING): Cisco Linksys Remote Preauth 0day Root Exploit
Story behind the vulnerability...
Months ago, we contacted Cisco about a remote preauth (root access) vulnerability
in the default installation of their Linksys routers that we had discovered. We gave them
a detailed vulnerability description along with the PoC exploit for the vulnerability.
They said that this vulnerability was already fixed in the latest firmware release...
Well, not this particular vulnerability, since the latest official Linksys firmware -
4.30.14, and all previous versions are still vulnerable.
The exploit shown in this video has been tested on Cisco Linksys WRT54GL, but other
Linksys versions/models are probably also affected.
Cisco Linksys is a very popular router with more than 70,000,000 routers sold.
That's why we think that this vulnerability deserves attention.
According to our vulnerability disclosure policy, the vulnerability details will be
disclosed in the following 2 weeks on http://www.defensecode.com/ , BugTraq and
Full Disclosure.
Due to the severity of this vulnerability, once again we would like to urge Cisco
to fix this vulnerability.
The vulnerability is demonstrated in the following video:
Kind Regards,
DefenseCode