Monday, April 8, 2013

Multiple vulnerabilities in Linksys routers

In October 2012, the hacker Superevr gave a presentation on a vulnerability in the very popular Linksys WRT54GL router.

Unfortunately, Cisco (which until recently owned Linksys) evidently pays little attention to hacker conferences, because this vulnerability has still not been fixed.

In January 2013 a new firmware patch, 4.30.16 (build 4), came out, but its changelog listed only a minor fix for an XSS vulnerability, while the serious Cross-Site File Upload (CSFU) bug remained unfixed.

Superevr resented the lack of attention to his work and published a note entitled "Do not use a Linksys router". He checked a few more recent Linksys devices and found catastrophic bugs even in the new Linksys EA2700 Network Manager N600 Wi-Fi Wireless-N Router, which was released in March this year.

On March 5 the hacker sent Cisco (the former owner of Linksys) a letter describing the vulnerabilities, and he has now made public five vulnerabilities in Linksys devices: one in the old WRT54GL and four new ones in the EA2700.

  • CSRF vulnerability in the firmware upload of the Linksys WRT54GL
  • XSS vulnerability in the Linksys EA2700
  • File path traversal vulnerability in the Linksys EA2700
  • Insufficient validation of password changes, and a CSRF attack, in the Linksys EA2700
  • Source code disclosure vulnerability in the Linksys EA2700
