Slashdot Mirror

← Back to Stories (view on slashdot.org)

Remote Linksys 0-Day Root Exploit Uncovered

Posted by samzenpus on Monday January 14, 2013 @09:39AM from the protect-ya-neck dept.

Orome1 writes "DefenseCode researchers have uncovered a remote root access vulnerability in the default installation of Linksys routers. They contacted Cisco and shared a detailed vulnerability description along with the PoC exploit for the vulnerability. Cisco claimed that the vulnerability was already fixed in the latest firmware release, which turned out to be incorrect. The latest Linksys firmware (4.30.14) and all previous versions are still vulnerable."

1 of 133 comments (clear)

Min score:

Reason:

Sort:

Zero day? by arth1 · 2013-01-14 09:48 · Score: 5, Insightful

What's zero-day about this exploit?
It was found during testing, and there are no exploits in the wild.
As such it fails BOTH tests for being a zero day exploit:
- The company must not know the details of the exploit
- It must be in the wild
Stop using the phrase "zero day" about just any exploitable bug. Call them security vulnerabilities, which is what they are.