Zero Vulnerability in Cisco Linksys Routers
Time 0day of vulnerabilities continues. This time affected Cisco Linksys products.
As it became known , the vulnerability allows access to the device from the external network as root without authentication. Vulnerable firmware versions of Linksys firmware up to:
4.30.14 inclusive. There are currently no protection recommendations. Thus, currently all available Linksys firmware versions are vulnerable, which puts at risk approximately 70 million devices on the network.
Cisco was notified of the problem a few months ago, but the fix was never released. The researchers who discovered the vulnerability plan to disclose the details along with the demo PoC code within 2 weeks.
While video demonstration of vulnerability is available. Judging by it, from the third time I managed to get unauthorized access to the device. Cisco Linksys WRT54GL was selected as a victim.
As it became known , the vulnerability allows access to the device from the external network as root without authentication. Vulnerable firmware versions of Linksys firmware up to:
4.30.14 inclusive. There are currently no protection recommendations. Thus, currently all available Linksys firmware versions are vulnerable, which puts at risk approximately 70 million devices on the network.
Cisco was notified of the problem a few months ago, but the fix was never released. The researchers who discovered the vulnerability plan to disclose the details along with the demo PoC code within 2 weeks.
While video demonstration of vulnerability is available. Judging by it, from the third time I managed to get unauthorized access to the device. Cisco Linksys WRT54GL was selected as a victim.
')
Source: https://habr.com/ru/post/165737/
All Articles