Remote Linksys 0-Day Root Exploit Uncovered

← Back to Stories (view on slashdot.org)

Remote Linksys 0-Day Root Exploit Uncovered

Posted by samzenpus on Monday January 14, 2013 @09:39AM from the protect-ya-neck dept.

Orome1 writes "DefenseCode researchers have uncovered a remote root access vulnerability in the default installation of Linksys routers. They contacted Cisco and shared a detailed vulnerability description along with the PoC exploit for the vulnerability. Cisco claimed that the vulnerability was already fixed in the latest firmware release, which turned out to be incorrect. The latest Linksys firmware (4.30.14) and all previous versions are still vulnerable."

5 of 133 comments (clear)

Min score:

Reason:

Sort:

I'm fine. by drunkennewfiemidget · 2013-01-14 09:44 · Score: 5, Funny

I'm pretty sure my Linksys router doesn't have that vulnerabil -- HA JUST KIDDING, WHO WANTS MY CREDIT CARD NUMBER?
Re:WRT54GL by YodasEvilTwin · 2013-01-14 09:49 · Score: 5, Funny

Wait, are we pronouncing the hyphens or not?
Re:Zero day? by Anonymous Coward · 2013-01-14 09:56 · Score: 3, Funny

What's zero-day about this exploit?
It was found during testing, and there are no exploits in the wild.
As such it fails BOTH tests for being a zero day exploit:
- The company must not know the details of the exploit
- It must be in the wild
Stop using the phrase "zero day" about just any exploitable bug. Call them security vulnerabilities, which is what they are.
zero day sounds cool man, it's like black ice and cyberspace all over again man...far out... ...peace.... //tech journalist -68
DHS Needs to Make Announcement by loxfinger · 2013-01-14 10:05 · Score: 5, Funny

The Department of Homeland Security needs to tell everyone to uninstall their Linksys routers until this is fixed, a la Java.
Another announcement by vencs · 2013-01-14 10:57 · Score: 4, Funny

says that, Huawei also reported its routers face a similar vulnerability.

---
Protest online. Save the Planet.