Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:28954
HistoryJan 14, 2013 - 12:00 a.m.

DefenseCode Security Advisory (UPCOMING): Cisco Linksys Remote Preauth 0day Root Exploit

2013-01-1400:00:00
vulners.com
40
JSON

DefenseCode Security Advisory (UPCOMING): Cisco Linksys Remote Preauth 0day Root Exploit

Story behind the vulnerabilityโ€ฆ

Months ago, we've contacted Cisco about a remote preauth (root access) vulnerability
in default installation of their Linksys routers that we've discovered. We gave them
detailed vulnerability description along with the PoC exploit for the vulnerability.

They said that this vulnerability was already fixed in latest firmware releaseโ€ฆ
Well, not this particular vulnerability, since the latest official Linksys firmware -
4.30.14, and all previous versions are still vulnerable.

Exploit shown in this video has been tested on Cisco Linksys WRT54GL, but other
Linksys versions/models are probably also affected.
Cisco Linksys is a very popular router with more than 70,000,000 routers sold.
That's why we think that this vulnerability deserves attention.

According to our vulnerability disclosure policy, the vulnerability details will be
disclosed in following 2 weeks on http://www.defensecode.com/ , BugTraq and
Full Disclosure.
Due to the severity of this vulnerability, once again we would like to urge Cisco
to fix this vulnerability.

The vulnerability is demonstrated in the following video:
http://www.youtube.com/watch?v=cv-MbL7KFKE&hd=1

Kind Regards,
DefenseCode LTD.
E-mail: defensecode[at]defensecode.com
Website: http://www.defensecode.com
Advisory URL: http://www.defensecode.com/article/upcoming_cisco_linksys_remote_preauth_root_exploit-33

JSON