Slashdot Mirror


Remote Linksys 0-Day Root Exploit Uncovered

Orome1 writes "DefenseCode researchers have uncovered a remote root access vulnerability in the default installation of Linksys routers. They contacted Cisco and shared a detailed vulnerability description along with the PoC exploit for the vulnerability. Cisco claimed that the vulnerability was already fixed in the latest firmware release, which turned out to be incorrect. The latest Linksys firmware (4.30.14) and all previous versions are still vulnerable."

133 comments

  1. WRT54GL by markdavis · · Score: 5, Informative

    Yes, you would think the summary would at LEAST say *WHICH* router it affects, since Linksys has lots of different models. It is the WRT54GL.

    I *love* that router and have probably 30 of them. Low power draw, real antenna, wall mountable, etc. My recommendation- install Toastman Tomato on it. They never crash, freeze, freak out, not work with certain devices, etc. Rock solid stuff.

    Strangely, the WRT54GL is STILL BEING SOLD!

    1. Re:WRT54GL by Synerg1y · · Score: 4, Informative

      People still run their 54gl's stock???

      Repeat after me: d-d--w-r-t

      Turns your router into something more like one of those fancy enterprise cisco routers. The 54gl is dd-wrt's 1st platform I believe (too lazy to look it up), so compatibility is bound to be around 100%.

    2. Re:WRT54GL by YodasEvilTwin · · Score: 5, Funny

      Wait, are we pronouncing the hyphens or not?

    3. Re:WRT54GL by Anonymous Coward · · Score: 0

      If we are, he misspelled it. It should be d-d---w-r-t

    4. Re:WRT54GL by Synerg1y · · Score: 2

      Good point, ignore all hyphens except for the 4th one, replace that with an a. On second thought, vocalize the hyphens for the sake of hilarity.

    5. Re:WRT54GL by morcego · · Score: 0, Flamebait

      It is really odd. WRT54GL is targeted at people who will flash it with custom firmwares. Why would anyone use one of those with stock firmware? If you are not going to hack it, just buy another model (better and/or cheaper).

      Anyone running stock on a WRT54GL deserves to be hacked.

      --
      morcego
    6. Re:WRT54GL by Anonymous Coward · · Score: 1

      A couple years back, dd-wrt had its own security issues which were not, in my opinion, publicized as widely as they should have been. I remember some internal debate with some people saying it wasn't that big a deal so no need to issue big warnings/press releases. They thought posting it on the web site was enough.

      Hopefully they're better at getting the word out now.

    7. Re:WRT54GL by VValdo · · Score: 5, Informative

      I agree it's bad form not to put the router models in the summary. But from the press release...

      Exploit shown in this video has been tested on Cisco Linksys WRT54GL, but other Linksys versions/models are probably also affected.

      (emphasis mine)

      Incidentally, re: the GL model of the Linksys-- the "L" I'm pretty sure stands for Linux, and was the model that was in response to everyone reinstalling dd-wrt and other firmware...

      --
      -------------------
      This is my SIG. There are many like it, but this one is mine.
    8. Re:WRT54GL by Synerg1y · · Score: 3, Interesting

      Sure, every network anything has had security issues and will. Imho, remote web management is only useful to a very few select users, to get back home, ssh is the way to go... which you'd set up in web management :)

      There was also a vulnerability late last year that revolved around a specific service. The scope is different though, you can turn off a router service inconveniencing yourself till a patch is released... the article didn't provide enough detail on what's affected on the linksys firmware leading me to suspect stock firmware, stock settings... aka the most vulnerable of the vulnerable users group.

    9. Re:WRT54GL by Anonymous Coward · · Score: 1

      DefenseCode seems to think it affects more models than just the WRT54GL. From their post:

      "Exploit shown in this video has been tested on Cisco Linksys WRT54GL, but other Linksys versions/models are probably also affected."

    10. Re:WRT54GL by NatasRevol · · Score: 4, Insightful

      Anyone running stock on a WRT54GL deserves to be hacked.

      That's one of the dumber arguments I've ever seen on Slashdot.

      --
      There are two types of people in the world: Those who crave closure
    11. Re:WRT54GL by formfeed · · Score: 3, Informative

      Incidentally, re: the GL model of the Linksys-- the "L" I'm pretty sure stands for Linux, and was the model that was in response to everyone reinstalling dd-wrt and other firmware...

      The WRT54GL was in response to the people being unable to run Linux on the newer revisions of the WRT54G, after Linksys "updated" the WRT54G by reducing the memory in the newer models. They basically restored the specs. of the original router and sold it for a premium.

    12. Re:WRT54GL by TheGratefulNet · · Score: 2

      victor borge approves!

      (showing my age, but I don't care...)

      --
      "It is now safe to switch off your computer."
    13. Re:WRT54GL by Anonymous Coward · · Score: 1

      Have you never bought something with the intentions of modding it but then never got around to doing so?

    14. Re:WRT54GL by CimmerianX · · Score: 1

      victor borge approves Shhhh-pck --- turning sound effects into text is hard.

    15. Re:WRT54GL by Anonymous Coward · · Score: 0

      It is actually the first thing I do after opening the box to my WRT54GL. I would even go out of my way to find out whether a router is supported by my favourite third party firmware before making the purchase, then flashing it as soon as it comes out of the box. No way in hell am I leaving the stock firmware installed on it.

    16. Re:WRT54GL by girlintraining · · Score: 1

      That's one of the dumber arguments I've ever seen on Slashdot.

      Sir, the reinforcements have arrived.

      --
      #fuckbeta #iamslashdot #dicemustdie
    17. Re:WRT54GL by morcego · · Score: 2

      Anyone running stock on a WRT54GL deserves to be hacked.

      That's one of the dumber arguments I've ever seen on Slashdot.

      You must be new here.

      --
      morcego
    18. Re:WRT54GL by Barryke · · Score: 4, Insightful

      The market for WRT54GL is there because of people buying it to put their own firmware on.

      --
      Hivemind harvest in progress..
    19. Re:WRT54GL by kangsterizer · · Score: 2

      Repeat after me: http://www.openwrt.org/

      Turns your router into a Linux box. That routes too. And more. And lets you tinker with it, too. ;)

    20. Re:WRT54GL by Anonymous Coward · · Score: 3, Insightful

      You say DDWRT, I say Tomato.

    21. Re:WRT54GL by leenks · · Score: 2

      Shock, horror: the majority of all routers run stock firmware...

    22. Re:WRT54GL by andydread · · Score: 1

      I have one of these with stock firmware and it's rock solid. I shall be updating immediately.

    23. Re:WRT54GL by andydread · · Score: 1

      Raises hand. I have such a model and it has been extremely solid with stock updated firmware that I haven't gotten around to putting tomato on it yet.

    24. Re:WRT54GL by scdeimos · · Score: 1

      From the "Upcoming Advisory" page, http://www.defensecode.com/article/upcoming_cisco_linksys_remote_preauth_root_exploit-33:

      Exploit shown in this video has been tested on Cisco Linksys WRT54GL, but other Linksys versions/models are probably also affected.

    25. Re:WRT54GL by JustOK · · Score: 1

      ssrrrck-tck

      --
      rewriting history since 2109
    26. Re:WRT54GL by Anonymous Coward · · Score: 0

      A couple years back, dd-wrt had its own security issues [dd-wrt.com] which were not, in my opinion, publicized as widely as they should have been..

      Something has bothered me about DDWRT for a while. Why does the "Latest stable release" refer to build 10020? Even the page you link to about the vulnerability in 2009 says to use build 12533 for the fix. For my router, any newer build than 10020 is marked as "Beta". If you select the "stable" 10020 build to download, you get a critical security hole!

    27. Re:WRT54GL by antdude · · Score: 2

      From what I read, the third party firmware upgrades look complex from their documents and easy to brick. :(

      --
      Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).
    28. Re:WRT54GL by markdavis · · Score: 2

      >I have one of these with stock firmware and it's rock solid. I shall be updating immediately.

      I used my WRT54GL for many months (years ago) on the stock firmware and did not find it to be reliable. I had upgraded the stock firmware to their latest and it didn't help.

      Once I changed to Toastman Tomato, it became one of the most reliable pieces of equipment I own... instantly. PLUS Tomato gave it tons of additional functionality.

      Don't be afraid of installing third-party Linux firmware, it is the best thing you can do for your WRT54GL.

    29. Re:WRT54GL by clarkn0va · · Score: 5, Interesting

      The WRT54GL is the minority of all routers.

      For those who don't know, the L in WRT54GL stands for Linux. This router was differentiated from the contemporary revision WRT54G only in that it ran the Linux-based firmware. While subsequent revisions of the WRT54G featured less and less capable hardware, the WRT54GL maintained its original configuration of flash and RAM, allowing it to run third party firmwares such as dd-wrt, openwrt, and Tomato.

      To the average consumer, the WRT54GL looked exactly like the significantly less expensive WRT54G and its prolific variants, but to the power user and professional, it held much greater potential and warranted the higher price tag. These pros and power users generally have no use for stock firmwares, and are only interested in the open nature of the hardware platform, and are therefore willing to pay the premium (although personally I preferred the more capable and less expensive ASUS WL-520gu. I guess legend status has its privileges).

      So yes, it is shocking to those who are familiar with the platform to learn that any significant portion of WRT54GL is running stock firmware in the wild.

      --
      I am literally 3000 tokens away from the chaotic crossbow --Stephen
    30. Re:WRT54GL by Anonymous Coward · · Score: 0

      Cisco shipped it with buggy firmware in the first place. If you don't put the blame on them, then fundamentally and intellectually, you can't... ever !

    31. Re:WRT54GL by Nyder · · Score: 1

      Yes, you would think the summary would at LEAST say *WHICH* router it affects, since Linksys has lots of different models. It is the WRT54GL.

      I *love* that router and have probably 30 of them. Low power draw, real antenna, wall mountable, etc. My recommendation- install Toastman Tomato on it. They never crash, freeze, freak out, not work with certain devices, etc. Rock solid stuff.

      Strangely, the WRT54GL is STILL BEING SOLD!

      I thought the point of the WRT54GL was to install DD-WRT on it. I don't know about anyone else here, but that is what I did.

      --
      Be seeing you...
    32. Re:WRT54GL by Nyder · · Score: 2

      From what I read, the third party firmware upgrades look complex from their documents and easy to brick. :(

      I don't find them that complex and the easy to brick warnings are for the idiots that do not bother to read thru the instructions first and get an understanding of the whole process before proceeding. Most things that cause bricking is from doing stupid crap during the process, like not paying attention to the step you are on and not understanding the step you are on.

      I find the DD-WRT's instructions to be good. Way better than the instructions I've had to hack my various consoles over the years.

      --
      Be seeing you...
    33. Re:WRT54GL by antdude · · Score: 1

      LOL. I am not good at following instructions. I tend to break stuff easily hence why I am a SQA tester. :P If I had another router, then I could try it but I don't want to risk bricking it and have no Internet connection.

      --
      Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).
    34. Re:WRT54GL by dutchwhizzman · · Score: 4, Insightful

      You are forgetting that a lot of people bought it because "the guy that knows computers" said it was "the best model", never understanding why and how to take advantage of the added value of the GL over the budget model. The amount of home computer equipment that gets bought on recommendation of either the sales guy, the neighbour kid or the relative that works in IT is staggeringly high. Those people will most likely still be running stock firmware, probably a relic version at that.

      --
      I was promised a flying car. Where is my flying car?
    35. Re:WRT54GL by Lothsahn · · Score: 4, Informative

      I love Tomato too--in fact, I use it at my house. However, Tomato was originally based off Stock Linksys, and might also be affected. Until full disclosure occurs, we'll not know for sure.

      --
      -=Lothsahn=-
    36. Re:WRT54GL by Lothsahn · · Score: 2

      While what you say is true, it's not just the WRT54GL that's likely affected. It's highly likely that WRT54G/WRT54GS v1-v4 are also affected.

      The WRT54GL router uses nearly identical firmware to the v1, v2, v3, and v4 models of the WRT54G and WRT54GS router. In fact, the specs on a WRT54G/WRT54GS v4 are nearly identical to a WRT54GL--same chipset, RAM, and flash.

      A lot of these were manufactured and sold, and I bet the vast majority are still running stock.

      --
      -=Lothsahn=-
    37. Re:WRT54GL by andydread · · Score: 1

      the WRT54GL comes stock with a Linux based firmware out of the box. that's what the "L" is for

    38. Re:WRT54GL by Anonymous Coward · · Score: 0

      I don't know. Let's ask Le-a.

    39. Re:WRT54GL by Anonymous Coward · · Score: 0

      Nice nice, will look into the ASUS-420gu

    40. Re:WRT54GL by Anonymous Coward · · Score: 0

      Yes, the stock firmware is also based on Linux, but it's still shit compared to DD-WRT.

    41. Re:WRT54GL by Anonymous Coward · · Score: 0

      So basically it's a vuln in the stock firmware for a device that enthusiasts buy specifically to use aftermarket firmware on

      Nothing to see here folks, move along...

    42. Re:WRT54GL by CimmerianX · · Score: 1

      Slashdot should have a victor borge filter, turning all punctuation into transcribed sound effects.

    43. Re:WRT54GL by Anonymous Coward · · Score: 0

      More like openwrt, ddwrt never gets any updates, is a rip of the openwrt work and is bullshit to compile.

    44. Re:WRT54GL by Synerg1y · · Score: 1

      Still.. the linksys v4200v1 was supported by dd-wrt (v2 jewed out, it's locked I believe). It's got some documented bugs though, not sure if they ever got fixed, they weren't for stuff I was using and ssh worked fine. I can see why dd-wrt has fallen out of favor though, they've commercialized, but still it's a pain in the ass to learn new router interfaces & nuances, so I'll stick w dd-wrt at least for now.

    45. Re:WRT54GL by TheGratefulNet · · Score: 1

      it warms my heart that some people (here) know or remember who VB was.

      he deserves to be remembered.

      --
      "It is now safe to switch off your computer."
    46. Re:WRT54GL by unitron · · Score: 1

      And remembered fondly.

      Considering that English wasn't his first language, he certainly mastered it well enough to make it do great tricks.

      --

      I see even classic Slashdot is now pretty much unusable on dial up anymore.

    47. Re:WRT54GL by segin · · Score: 1

      Because if you want any of those extra features, they want to sell you a $1000 router that does waaaay more than you need, and also has a higher operating cost (in terms of power used and support costs.)

    48. Re:WRT54GL by Anonymous Coward · · Score: 0

      Completely agree here. DD-WRT will make a commodity router into all the router it could be.

      It's debugged and complete, and compatible with so many devices.

      Even WDS is supported, so you can extend the reach of your wireless to all corners of your property.

      Check your router: http://www.dd-wrt.com/site/support/router-database

      Or.. be extra safe and pick up a new basic one after confirming it's supported - noting the V2 vs V3 status ON THE PACKAGE.
      It can make all the difference.

  2. I'm fine. by drunkennewfiemidget · · Score: 5, Funny

    I'm pretty sure my Linksys router doesn't have that vulnerabil -- HA JUST KIDDING, WHO WANTS MY CREDIT CARD NUMBER?

    1. Re:I'm fine. by Anonymous Coward · · Score: 0

      We already have it.

  3. WRT54GL? by Anonymous Coward · · Score: 3, Informative

    Just gotta ask: have they tried it on any OTHER models? Because that's an OLD OLD router that shouldn't even be running cisco/linksys firmware anymore. Tomato, ddwrt, and openwrt all support it, all have support for it and much improved kernel and userspace versions.

    Additionally though the number of different arm processors and SoC arches they're running in their hardware makes me question the odds of a common exploit across all of them, especially since this isn't even a router supporting the new 'Cisco Cloud' configuration garbage.

    Anyway, what do the rest of you think, some wanna-be 'security' company trying to make a name for themselves scaremongering?

    1. Re:WRT54GL? by Baloroth · · Score: 4, Informative

      Just gotta ask: have they tried it on any OTHER models? Because that's an OLD OLD router that shouldn't even be running cisco/linksys firmware anymore.

      If by "OLD OLD" you mean "is still produced, sold, and obviously supported, and can be purchased on Newegg right this second with stock firmware" then sure. It's an extremely common router, even among the non-techie crowd, so I wouldn't be surprised if the majority of them are still on stock firmware.

      --
      "None can love freedom heartily, but good men; the rest love not freedom, but license." --John Milton
    2. Re:WRT54GL? by Anonymous Coward · · Score: 0

      Plus, if it ain't broke don't fix it. I put a WRT54G with my parents setup WAYYY back in the day. Probably 15 years ago or so.

    3. Re:WRT54GL? by elfprince13 · · Score: 1

      WRT54G is not WRT54GL.

    4. Re:WRT54GL? by Anonymous Coward · · Score: 1

      My router is a WRT54GL running Tomato. Is it also affected?
      And before anyone asks: yes, it is an old model but works very well and good new routers are very expensive in my country.

    5. Re:WRT54GL? by Anonymous Coward · · Score: 0

      It doesn't have an ARM CPU, it's MIPS.

    6. Re:WRT54GL? by robkill · · Score: 1
      --
      DMCA - Chilling free speech since 1998.
    7. Re:WRT54GL? by JoshRosenbaum · · Score: 1

      WRT54G is not WRT54GL.

      The WRT54GL is the reincarnation of the original WRT54G. The WRT54G used linux until version 5 when it switched to VX Works OS. It sounds like AC's was one of the original ones, so it is relevant to this thread.

      See here for details: http://en.wikipedia.org/wiki/Linksys_WRT54G_series#WRT54GL
      "The WRT54GL is technically a reissue of the version 4 WRT54G."

    8. Re:WRT54GL? by Anonymous Coward · · Score: 0

      There are a lot of "old, old routers" out there. A router is a device you install, then forget about until it breaks.

  4. Zero day? by arth1 · · Score: 5, Insightful

    What's zero-day about this exploit?
    It was found during testing, and there are no exploits in the wild.

    As such it fails BOTH tests for being a zero day exploit:
    - The company must not know the details of the exploit
    - It must be in the wild

    Stop using the phrase "zero day" about just any exploitable bug. Call them security vulnerabilities, which is what they are.

    1. Re:Zero day? by Anonymous Coward · · Score: 3, Funny

      What's zero-day about this exploit?
      It was found during testing, and there are no exploits in the wild.

      As such it fails BOTH tests for being a zero day exploit:
      - The company must not know the details of the exploit
      - It must be in the wild

      Stop using the phrase "zero day" about just any exploitable bug. Call them security vulnerabilities, which is what they are.

      zero day sounds cool man, it's like black ice and cyberspace all over again man...far out... ...peace.... //tech journalist -68

    2. Re:Zero day? by Synerg1y · · Score: 2

      An unpatched security vulnerability at that. You'll have just as much luck with this as getting people to understand the difference between a hacker and a cracker... and that's using the already warped definition of hacker from the media: goodddd luck.

    3. Re:Zero day? by flonker · · Score: 2

      I agree. My first thought on reading the headline and summary was that Cisco claimed it was fixed, so DefenseCode released it into the wild.

    4. Re:Zero day? by Anonymous Coward · · Score: 1

      I always thought the overuse of "zero-day" was more of a scare tactic by all parties involved (reporters want you to care, malware authors/researchers want us to fear, companies want us to fear for slightly different reasons). As I was pondering its use in this story, however, I think now that a significant reason might be the following: "Zero-day" implies that the company behind the affected product hasn't had time to fix it yet - that it's not their fault, because they haven't had time to fix it yet. After all, they've only known about it for zero days.

    5. Re:Zero day? by PRMan · · Score: 1

      1. Cisco didn't know about it until this week. 2. It CAN be exploited in the wild. The video proves it. Zero-day exploit.

      --
      Peter predicted that you would "deliberately forget" creation 2000 years ago...
    6. Re:Zero day? by AmiMoJo · · Score: 4, Interesting

      The term "remote" is also a bit misleading, in that it looks like you need to be on the local network already to use this vulnerability. In the video their IP address is 192.168.1.1. Far less serious than being able to get root from the internet or without having to authenticate a wifi connection first. In fact I bet 95% of affected routers have the default web interface password anyway.

      The main people who should be worried are people with open access wifi or LAN ports, such as cafes and hotels.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    7. Re:Zero day? by Anonymous Coward · · Score: 0

      Crackers are tasty.

      Hackers are covered in phlegm.

    8. Re:Zero day? by Anonymous Coward · · Score: 2, Insightful

      In fact I bet 95% of affected routers have the default web interface password anyway.

      Yes, with the user/pass as admin/password or admin/admin! :-0

    9. Re:Zero day? by filthpickle · · Score: 2

      A hacker is someone who isn't particularly good at golf. A cracker is...who you calling a cracker motherfucker?

    10. Re:Zero day? by JustOK · · Score: 0

      what about this and that?

      --
      rewriting history since 2109
    11. Re:Zero day? by Anonymous Coward · · Score: 0

      "'Scuse me Egon? You said crossing the streams was bad! "

  5. Remote? by Anonymous Coward · · Score: 0

    Does this work from the WAN side? Video shows the exploit working on the LAN side of the router.

    1. Re:Remote? by Anonymous Coward · · Score: 0

      Does this work from the WAN side? Video shows the exploit working on the LAN side of the router.

      What's the difference? Even if it is only vulnerable to the LAN side, a malicious webpage can still pwn it.

    2. Re:Remote? by Amouth · · Score: 4, Informative

      that is far more difficult to do than if the exploit works on the WAN side.

      --
      '...if only "Jumping to a Conclusion" was an event in the Olympics.'
    3. Re:Remote? by Technician · · Score: 1

      Many router exploits use a web browser exploit to attempt default passwords on routers from the LAN side. This exploit is another way into a router from the WAN through a user PC.

      --
      The truth shall set you free!
    4. Re:Remote? by Fnord666 · · Score: 1

      Many router exploits use a web browser exploit to attempt default passwords on routers from the LAN side. This exploit is another way into a router from the WAN through a user PC

      From all appearances though this would require not only a web browser exploit but also remote code execution on a PC inside the LAN. At that point they are already quite a ways down the road to fscked anyway.

      --
      'The tyrant will always find pretext for his tyranny.' - Aesop's Fables
  6. DHS Needs to Make Announcement by loxfinger · · Score: 5, Funny

    The Department of Homeland Security needs to tell everyone to uninstall their Linksys routers until this is fixed, a la Java.

    1. Re:DHS Needs to Make Announcement by Anonymous Coward · · Score: 0

      The Department of Homeland Security needs to tell everyone to uninstall their Linksys routers until this is fixed, a la Java.

      Um, wrong. The Department of Homeland Security needs to tell everyone to install Java on their Linksys routers so this exploit can't be used.

    2. Re:DHS Needs to Make Announcement by ab0mb88 · · Score: 1

      They will just as soon as DLink matches the political donations from Cisco.

  7. Is this actually a big deal? by jht · · Score: 3, Informative

    So it's a vulnerability in the WRT54GL (and maybe the related routers) running mainly older firmware - it's a pretty old router model as are its cousins. And from watching the exploit video, it's a local vulnerability - not one you can exercise against the WAN port. So it looks like not such a big deal. After all, 98% of those just have the default password anyways.

    If the more advanced gear (like the RV routers and such) have this issue then I might be concerned. But I don't have enough info yet to worry or not.

    --
    -- Josh Turiel
    "2. Do not eat iPod Shuffle."
    1. Re:Is this actually a big deal? by omnichad · · Score: 2

      Only if it's being used to run a cheap free wi-fi hotspot for a small business and managed not to catch fire running the default firmware. A WRT54GL would do just fine as a wi-fi hotspot on DD-WRT, but doubt it could handle the load on stock.

    2. Re:Is this actually a big deal? by gl4ss · · Score: 1

      yeah the thing I was trying to find from skimming the article and video was just exactly that..

      is it exploitable from outside network? if it's not, why are you calling it remote? if it is why are you demoing from local subnet?

      a true remote exploit through the ip stack(or if it had something open) would be a big big deal..

      --
      world was created 5 seconds before this post as it is.
    3. Re:Is this actually a big deal? by Anonymous Coward · · Score: 0

      is it exploitable from outside network? if it's not, why are you calling it remote? if it is why are you demoing from local subnet?

      XSS turns a local exploit into a remote exploit rather easily.

  8. Public Service Announcement by Raystonn · · Score: 5, Informative

    Unless you have remote administration enabled, this exploit is only achievable from a system within the local network. This attack is not an internet threat.

    1. Re:Public Service Announcement by Anonymous Coward · · Score: 0

      Unless coupled with a DNS rebinding attack (or something of similar nature) where an exploited computer on the network is used to take control of the router and give the hacker access. Because you know there have been no major exploits lately, that could be used as a launching point for this also.

      Exploits like this are even more dangerous, because where people are apt to catch on their computer is exploited at some point, they may never notice their router is acting up.

    2. Re:Public Service Announcement by Anonymous Coward · · Score: 2, Interesting

      Unless you have remote administration enabled, this exploit is only achievable from a system within the local network.

      A web browser on the local network opens a malicious webpage. Now, what?

    3. Re:Public Service Announcement by fulldecent · · Score: 1

      XSS?

      --

      -- I was raised on the command line, bitch

    4. Re:Public Service Announcement by Anonymous Coward · · Score: 0

      If the GL is anything like my old wrt54gs then you can disable the admin interface on both the wan and wifi interfaces leaving it available from only the 4 wired ports. I suspect most people who bought one of these bought it for use with wifi, but if someone is using the wired ports then blocking the router's http admin ports in iptables (or other software firewall) on the box you browse from is probably not a bad idea.

    5. Re:Public Service Announcement by Anonymous Coward · · Score: 0

      Well, you can see from their video on youtube that this exploit is a windows executable, so as long as you're on a linux desktop then you're still okay. Why would you ever let a windows computer connect to your local network anyway?

  9. Open Wi-Fi by tepples · · Score: 1

    If your Internet provider is "linksys", or if your restaurant is running home networking gear, then it very well may be exploitable.

  10. This hardware comes with root exploits by default. by Anonymous Coward · · Score: 0

    As if the default administrator login being a blank username with the password "admin" wasn't enough...

  11. So if you are running DDWRT, then you're safe? by Anonymous Coward · · Score: 0

    Is that correct?

  12. default user pass? by bhlowe · · Score: 1

    Stupid question, but by "Default installation" do they mean that the default user/pass needs to be unchanged? 70 million routers is a lot.. even if only 1% uses remote administration.

    1. Re:default user pass? by gl4ss · · Score: 1

      I don't think they mean that.
      because that would be just too stupid.

      they probably mean that it's running the default services like dhcp to the local subnet.

      --
      world was created 5 seconds before this post as it is.
  13. In that case many others might not be affected by Sycraft-fu · · Score: 2

    Most Linksys routers these days run vxWorks. Now that doesn't mean that this vulnerability couldn't be above the OS/driver level and thus still applicable, or that the code isn't broken in the same way, but the GL model is something of an anomaly these days running their Linux firmware. They switched to vxWorks some time ago for most things. They claim it was to use less memory (and they did cut the RAM in their devices), Linux types claim it was to avoid having to GPL things.

  14. Automatic updates by MobyDisk · · Score: 1

    Appliances need a system for automatic updates. The average person does not periodically look for updated firmware for their router, toaster, television, thermostat, etc. If it is connected to the internet, it needs an automatic update system.

    (Yes, I know this router is old - I'm just speaking in general)

    1. Re:Automatic updates by Anonymous Coward · · Score: 0

      Appliances need a system for automatic updates. The average person does not periodically look for updated firmware for their router, toaster, television, thermostat, etc. If it is connected to the internet, it needs an automatic update system.

      No, they do not.

      The router's job is to route packets that I send to it, to the destinations specified in the packets.

      It is emphatically not supposed to phone home to any "cloud" provider.

      If my router starts making unsolicited outbound connections, that's about the surest sign you can possibly have that it's been compromised. (In order to reliably detect it, of course, you need a second router/bridge acting as a firewall, but... nobody said security was about convenience.)

    2. Re:Automatic updates by Anonymous Coward · · Score: 0

      Not really. What happens when the device auto-updates itself and dies in the process? Now you have the average person who thinks the device does not work after X days or months and posts bad reviews on the unit, and/or have large return rates on it and large recertified/refurbished devices on the market. If you add redundancy (eg. dual flash, or one flash w/fail-over ROM) to mitigate these issues, that will just jack up the price.

      It should be done in a registration system where it notes down what version you are running, then informs you by email that there is a new firmware available for your device.

    3. Re:Automatic updates by bobbied · · Score: 1

      No, not a good idea. You can offer automated updates if the user opts into them, but the user must make that choice.

      I'm not installing *anything* that doesn't at least give me the *option* to review updates before they get installed. If I choose to automatically update my windows machines, so be it. If it just phones home and installs updates, I'm not going to use the thing. I can see it now, some company decides to disable a whole family of equipment by issuing a bum software load, either on purpose or by mistake.

      Oh wait.... Hasn't that actually happened?

      --
      "File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
    4. Re:Automatic updates by Anonymous Coward · · Score: 0

      More or less. See certain antivirus products issuing definition files that accidentally target crucial Windows files, or even itself.

    5. Re:Automatic updates by unitron · · Score: 1

      Appliances need a system for automatic updates...

      No they don't, they're appliances.

      They're supposed to be built properly at the beginning.

      --

      I see even classic Slashdot is now pretty much unusable on dial up anymore.

  15. Who in the heck by Dishwasha · · Score: 1

    The vulnerability itself was discovered during a Cisco Linksys product security evaluation for a client

    has the kind of money to pony up for a security evaluation of this magnitude and buys freakin' crappy a$$ Linksys?

  16. Re:WRT54GL - not just ? by formfeed · · Score: 1

    Stupid link talks about WRT54GL only.

    To quote the original page:
    Exploit shown in this video has been tested on Cisco Linksys WRT54GL, but other Linksys versions/models are probably also affected.

  17. Accident or backdoor? by Anonymous Coward · · Score: 0

    It took quite a while to show up.

  18. Another announcement by vencs · · Score: 4, Funny

    says that, Huawei also reported its routers face a similar vulnerability.

    ---
    Protest online. Save the Planet.

    1. Re:Another announcement by grcumb · · Score: 1

      Huawei also reported its routers face a similar vulnerability.

      You should win the Internets for the day, but tragically your post is too far down to get noticed....

      ... And worse, some copy-catting smartass with an acute sense of irony just copied and pasted it way up top.... Oh, hang on - that was me. 8^)

      --
      Crumb's Corollary: Never bring a knife to a bun fight.
    2. Re:Another announcement by vencs · · Score: 1

      may the most glorious rays of the Internets be shone upon you!

    3. Re:Another announcement by Anonymous Coward · · Score: 0

      I noticed... Really, I did!

  19. WRT54GL? Seriously? by Anonymous Coward · · Score: 0

    Anybody caught using the original firmware on a WRT54GL deserves to be exploited. The L in this product name stands for Linux and most, if not all, third party firmware supports it. If you really want to grab somebody's attention, use a device that does not have any immediate third party support (eg, off the top of my head, the WRT160Nv2, which has the "no" status in DD-WRT router database) as demonstration.

  20. Re:Yawn by Neuroelectronic · · Score: 0

    Until you use it as a proxy to launch other attacks. Are you really this stupid?

  21. Re:Yawn by icebike · · Score: 1

    FUD, smoke, and mirrors. Getting a shell on one linux router is not such a coup.

    Well, once you get root on the router you pretty much own everything behind it as well, because most people rely on
    the router to protect them.

    --
    Sig Battery depleted. Reverting to safe mode.
  22. Re:This hardware comes with root exploits by defau by Anonymous Coward · · Score: 0

    As if the default administrator login being a blank username with the password "admin" wasn't enough...

    I don't care who you are, that there is funny.... LOL

    I've found a pile of public access WiFi nodes out there that use the default SSID and the default user/password all over the world. Few folks ever do even basic security like changing the default password, so how bad can this Zero day thing be? Not that bad..

    Where are my mod points when I need them?

  23. And which default setting are we talking about? by gelfling · · Score: 1

    That would have been semi helpful. Some inkling. My WRT110 has a little setting called 'allow remote admin'. I hope we're talking about that non-issue.

  24. Re:WRT54GL watch out for openwrt by shoor · · Score: 4, Informative

    Recent openwrt distros have a problem with the classic wrt54gl in that it doesn't have enough memory. I know because it happened to me. It installs, but when you try to change configuration, it bricks and you need to ground pin 15 to get it to reflash something. From the openwrt site:

    "In a test with OpenWrt 10.03.1-rc6, the OS will install but LuCI will be unable to update settings because there isn't enough flash left free."

    Old enough versions should work, but I'm happy with my tomato install.

    --
    In theory, theory and practice are the same; in practice they're different. (Yogi Berra & A. Einstein)
  25. Is this the same default password again? by Anonymous Coward · · Score: 0

    I RTFAed, I'm not gonna WTFM.

  26. One word: Tomato by Gordo_1 · · Score: 1

    I run Shibby's builds on my Linksys E4200... Can't recommend them enough:
    http://tomato.groov.pl/?page_id=164

    1. Re:One word: Tomato by Lothsahn · · Score: 1

      Tomato may also be affected. See my post here:
      http://hardware.slashdot.org/comments.pl?sid=3381865&cid=42588997

      We won't know until full disclosure.

      --
      -=Lothsahn=-
  27. This is why I use pfsense now.. by cyberjock1980 · · Score: 1

    And it's BS like this that I do not trust other companies any more than I have to for security.

    So my router was made by me with wifi and all for less than $200 and uses pfsense. If there's a security risk I'm sure there will be a patch unlike some dlink and linksys problems. What happened when my last dlink router had a 0day exploit? dlink's public answer was "I'm sorry, we don't support your 2.3 year old router anymore, but if you buy our new shiniest router ever it has the firmware update to fix that exploit". So you're telling me you expect me to buy your product again when you've proven to me that you expect me to buy a new router from you every two years like clockwork? Heck no.

    Besides, now that my Atom is all set up I've noticed latency on gaming is 1/2 of what it used to be and download speeds actually went up! Can't beat that!

    Unfortunately there isn't any good open source Windows antivirus that I know of.

  28. Linksys spies... by Anonymous Coward · · Score: 0

    An exploit with an administration setup ultimately governed by Linksys? No...
    http://tech.slashdot.org/story/12/06/29/1425210/cisco-pushing-cloud-connect-router-firmware-allows-web-history-tracking?sdsrc=rel
    http://www.extremetech.com/computing/132142-ciscos-cloud-vision-mandatory-monetized-and-killed-at-their-discretion
    Who'd have thought a way around this brilliant idea? ^_^?

  29. Cisco fixing something properly? by alexandre · · Score: 1
  30. Re:WRT54GL watch out for openwrt by drinkypoo · · Score: 1

    Another vote here for tomato. Tomato makes me happy. I have it on a buffalo and two linksyses and they all work, WDS actually works, everything works.

    --
    "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
  31. Fritz boz by 1s44c · · Score: 3, Interesting

    I highly recommend getting a fritz box. The amount of stuff they can do is really cool.
    The model I have is a NAS server, Media server for my blu-ray player, a PBX for cheap SIP calls, an answering machine for SIP or land line calls, a DECT phone base station, a print server for my USB printer, a VDSL modem, and a 4 port gigabit switch. All that in a small low power box.

    Also you can update the firmware fairly easily although it does trash all your settings.

    No I don't work for them.

    1. Re:Fritz boz by Anonymous Coward · · Score: 0

      Normally an update doesn't trash your settings.

  32. TOR worm by Anonymous Coward · · Score: 0

    I wished somebody would find an 0day for a popular router model and write a worm that installs TOR exits on all of them automatically.

  33. Re:WRT54GL watch out for openwrt by Anonymous Coward · · Score: 0

    Replying to my own post. I'm happy I got modded up to a 5, but I made a mistake. It's pin 16 you ground to reflash. You can find full instructions on the web.

  34. Re:Yawn by Cramer · · Score: 1

    Actually, their video doesn't show shit. An apparent DOS box running a few commands, followed by a "nc" connection to a random port that may or MAY NOT actually be to a compromised system. Until they say exactly what they've exploited (with code), it's just Marketing FUD.