lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <CAD-LzdSvmLonmXNiRQKgs2zqw_2P6gk+Hv+C294jBVLDaJohSw@mail.gmail.com>
Date: Thu, 15 Aug 2013 17:43:49 -0400
From: kyle Lovett <krlovett@...il.com>
To: bugtraq <bugtraq@...urityfocus.com>
Subject: Update: Linksys EA2700, EA3500, E4200v2, EA4500 Unspecified
 unauthenticated remote access

-----------------------------------------------------------------------------
Vulnerabilities:
An unspecified bug can cause an unsafe/undocumented TCP port to open
allowing for:

- Unauthenticated remote access to all pages of the router
administration GUI, bypassing any credential prompts under certain
common configurations

- Direct access to several critical system files

CVE-ID 2013-5122
CWE-288: Authentication Bypass Using an Alternate Path or Channel
CVSS Base Score 10
CVSS Temporal Score 8.1
Exploitability Subscore: 10.0

Affected models and firmware:
Linksys SMART Wi-Fi Router N600 - EA2700 Firmware Version: 1.0.14
Linksys SMART Wi-Fi Router N750 Smooth Stream EA3500 Firmware Version: 1.0.30
Linksys Maximun Performance N Router E4200v2 Firmware Version: 2.0.36
Linksys Maximun Performance N Router E4200v2 Firmware Version: 2.0.37
Linksys SMART Wi-Fi N900 Media Stream EA4500 Firmware Version: 2.0.36
Linksys SMART Wi-Fi N900 Media Stream EA4500 Firmware Version: 2.0.37
-Web Server Lighttpd 1.4.28
-Running - Linux 2.6.22

-----------------------------------------------------------------------------

Vulnerability Conditions seen in all variations, though not limited too:
- Classic GUI has been enabled/installed
- Remote Management - Disabled
- UPnP - Enabled
- IPv4 SPI Firewall Protection - Disabled

Fixes and workarounds:

*** It is strongly advised to those that have the classic GUI firmware
installed to do a full WAN side scan for unusual ports that are open
that weren't specifically opened by the end user.

It is recommend to upgrade to firmware 2.1.39 on the E4200v2 and
EA4500, though it is uncertain if this resolves the problem in all
cases.
It is recommend to upgrade to firmware 1.1.39 on the EA2700 and
EA3500.though it is uncertain if this resolves the problem in all
cases.

Vendor: We have been working with Linksys/Belkin Engineers on this
problem, and they are still investigating the root cause. We hope to
have additional information on this bug soon.

-----------------------------------------------------------------------------

External Links Misc:
http://www.osvdb.org/show/osvdb/94768
http://www.securityfocus.com/archive/1/527027
http://securityvulns.com/news/Linksys/EA/1307.html
http://www.scip.ch/en/?vuldb.9326
http://www.mobzine.ro/ionut-balan/2013/07/vulnerabilitate-majora-in-linksys-ea2700-ea3500-e4200-ea4500/

Vendor product links:
http://support.linksys.com/en-us/support/routers/EA2700
http://support.linksys.com/en-us/support/routers/EA3500
http://support.linksys.com/en-us/support/routers/E4200
http://support.linksys.com/en-us/support/routers/EA4500

Discovered - 07-01-2013
Updated - 08-15-2013
Research Contact - K Lovett, M Claunch
Affiliation - SUSnet

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ