Unfortunately, the company Cisco (which until recently was the owner of Linksys) badly monitors hacker's conference, because this vulnerability is not closed yet.
In January 2013 came out with a new firmware patch 4.30.16 (build 4), but in the change indicated only a minor fix for XSS-vulnerability, while the big bug Cross-Site File Upload (CSFU) remained uncovered.
Hacker Superevr resented the lack of attention to his work, and published a note entitled "Do not use a router Linksys». He checked a few more new devices Linksys - and found catastrophic bugs even in the new model Linksys EA2700 Network Manager N600 Wi_Fi Wireless-N Router, which was released in March this year.
March 5 hacker sent a letter describing the vulnerabilities in Cisco (former owner of Linksys), and now made public about the five vulnerabilities in devices Linksys: in an old WRT54GL and four new in EA2700.
- CSRF-vulnerable boot firmware Linksys WRT54GL
- XSS-vulnerability in Linksys EA2700
- File Path Traversal vulnerability in Linksys EA2700
- Insufficient validation of password change and CSRF-attack in the Linksys EA2700
- Vulnerability to the disclosure of the source code in Linksys EA2700
https://superevr.com/blog/2013/dont-use-linksys-routers/
No comments:
Post a Comment