Domain: defensecode.com
Stories and comments across the archive that link to defensecode.com.
Comments · 4
-
Many routers subject to UPnP vulnerability anyway
PDF link, published earlier this year, shows how many manufacturers use a stack with a UPnP vuln that gives root, even from the WAN side:
http://www.defensecode.com/public/DefenseCode_Broadcom_Security_Advisory.pdf
Point is, you probably weren't as safe as you thought you were, even before this new disclosure.
I think a huge problem with consumer-grade wifi routers today is that as manufacturers race to support new models with new wifi standards and new competitive feature sets, older models quickly become abandonware. There's very little guarantee around firmware updates for critical vulnerabilities, and end users are mostly oblivious to being at risk. By the time you pick up that $80 model from the store it's probably borderline EOL already.
-
Re:WRT54GLFrom the "Upcoming Advisory" page, http://www.defensecode.com/article/upcoming_cisco_linksys_remote_preauth_root_exploit-33:
Exploit shown in this video has been tested on Cisco Linksys WRT54GL, but other Linksys versions/models are probably also affected.
-
Re:WRT54GL - not just ?
Stupid link talks about WRT54GL only.
To quote the original page:
Exploit shown in this video has been tested on Cisco Linksys WRT54GL, but other Linksys versions/models are probably also affected. -
Re:WRT54GL
I agree it's bad form not to put the router models in the summary. But from the press release...
Exploit shown in this video has been tested on Cisco Linksys WRT54GL, but other Linksys versions/models are probably also affected.
(emphasis mine)
Incidentally, re: the GL model of the Linksys-- the "L" I'm pretty sure stands for Linux, and was the model that was in response to everyone reinstalling dd-wrt and other firmware...