Remote Linksys 0-Day Root Exploit Uncovered

Orome1 writes "DefenseCode researchers have uncovered a remote root access vulnerability in the default installation of Linksys routers. They contacted Cisco and shared a detailed vulnerability description along with the PoC exploit for the vulnerability. Cisco claimed that the vulnerability was already fixed in the latest firmware release, which turned out to be incorrect. The latest Linksys firmware (4.30.14) and all previous versions are still vulnerable."

WRT54GL

[markdavis]

Yes, you would think the summary would at LEAST say *WHICH* router it affects, since Linksys has lots of different models. It is the WRT54GL.

I *love* that router and have probably 30 of them. Low power draw, real antenna, wall mountable, etc. My recommendation- install Toastman Tomato on it. They never crash, freeze, freak out, not work with certain devices, etc. Rock solid stuff.

Strangely, the WRT54GL is STILL BEING SOLD!

Re:WRT54GL

[Synerg1y]

People still run their 54gl's stock???

Repeat after me: d-d--w-r-t

Turns your router into something more like one of those fancy enterprise cisco routers. The 54gl is dd-wrt's 1st platform I believe (too lazy to look it up), so compatibility is bound to be around 100%.

Re:WRT54GL

[VValdo]

I agree it's bad form not to put the router models in the summary. But from the press release...

Exploit shown in this video has been tested on Cisco Linksys WRT54GL, but other Linksys versions/models are probably also affected.

(emphasis mine)

Incidentally, re: the GL model of the Linksys-- the "L" I'm pretty sure stands for Linux, and was the model that was in response to everyone reinstalling dd-wrt and other firmware...

Re:WRT54GL

[Lothsahn]

I love Tomato too--in fact, I use it at my house. However, Tomato was originally based off Stock Linksys, and might also be affected. Until full disclosure occurs, we'll not know for sure.

Re:Remote?

[Amouth]

that is far more difficult to do than if the exploit works on the WAN side.

Re:WRT54GL?

[Baloroth]

Just gotta ask: have they tried it on any OTHER models? Because that's an OLD OLD router that shouldn't even be running cisco/linksys firmware anymore.

If by "OLD OLD" you mean "is still produced, sold, and obviously supported, and can be purchased on Newegg right this second with stock firmware" then sure. It's an extremely common router, even among the non-techie crowd, so I wouldn't be surprised if the majority of them are still on stock firmware.

Public Service Announcement

[Raystonn]

Unless you have remote administration enabled, this exploit is only achievable from a system within the local network. This attack is not an internet threat.

Re:WRT54GL watch out for openwrt

[shoor]

Recent openwrt distros have a problem with the classic wrt54gl in that it doesn't have enough memory. I know because it happened to me. It installs, but when you try to change configuration, it bricks and you need to ground pin 15 to get it to reflash something. From the openwrt site:

"In a test with OpenWrt 10.03.1-rc6, the OS will install but LuCI will be unable to update settings because there isn't enough flash left free."

Old enough versions should work, but I'm happy with my tomato install.