Message-Id: <201512070408.tB748Lq4018467@sf01web3.securityfocus.com>
Date: Mon, 7 Dec 2015 04:08:21 GMT
From: mwinstead3790@...il.com
To: bugtraq@...urityfocus.com
Subject: Edimax BR-6478AC & Others Multiple Vulnerabilities

* Exploit Title: Edimax BR-6478AC & Others Multiple root-level execution vulnerabilities
* Discovery Date: 2015/06
* Public Disclosure Date: 2015/12/06
* Vulnerability Author: Michael Winstead
* Vendor Homepage: http://www.edimax.com/edimax/global/
* Category: embedded routers

Description
========================================================================
Multiple authenticated requests to the administrative web application on the Edimax BR-6478AC and
other Edimax routers may give an attacker root-level code execution on the underlying system. In
addition, the automatic update mechanism is not cryptographically protected, so an attacker who can
intercept or spoof the update traffic could mount an "Evilgrade"-style attack and deliver a malicious
update to the target.

Write-up and communications log may be found at:
https://docs.google.com/document/d/1fDnXf0ymgnCDf6pK46c64jyQZa4CqX4BBUGKrH00dVw
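The "Evilgrade"-style weakness above is generic to any update client that trusts whatever the update server (or an on-path attacker impersonating it) sends. The following is an added example written for this archive entry, not code from the advisory or from Edimax, and the manifest format, field names and firmware bytes in it are constructed assumptions. It models the weak client, which checks only a hash carried in the same unauthenticated response as the image, next to a hardened client that verifies an Ed25519 signature over the manifest with a key pinned in the firmware and refuses version rollback; an on-path attacker then swaps the update and only the weak client installs it.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"fmt"
)

// Manifest is a constructed update descriptor for this example; the field
// names are assumptions, not the real Edimax update format.
type Manifest struct {
	Version int    `json:"version"`
	SHA256  string `json:"sha256"`
}

// Response models what a router fetches from its update server: the manifest,
// a signature over the manifest (empty when the server does not sign), and the image.
type Response struct {
	Manifest  []byte
	Signature []byte
	Image     []byte
}

func sha256Hex(b []byte) string {
	s := sha256.Sum256(b)
	return hex.EncodeToString(s[:])
}

// makeResponse builds a server response; with a nil signer it is unsigned.
func makeResponse(version int, image []byte, signer ed25519.PrivateKey) Response {
	m, _ := json.Marshal(Manifest{Version: version, SHA256: sha256Hex(image)})
	r := Response{Manifest: m, Image: image}
	if signer != nil {
		r.Signature = ed25519.Sign(signer, m)
	}
	return r
}

// naiveAccept is the weak client: the only integrity check is the hash inside
// the manifest, which arrived over the same unauthenticated channel as the
// image, so an on-path attacker simply rewrites both to match.
func naiveAccept(r Response) bool {
	var m Manifest
	if err := json.Unmarshal(r.Manifest, &m); err != nil {
		return false
	}
	return m.SHA256 == sha256Hex(r.Image)
}

// verifiedAccept is the hardened client: the manifest must carry a valid
// signature from the key pinned in the firmware, the version must advance
// (anti-rollback), and only then is the image hash compared.
func verifiedAccept(r Response, pinned ed25519.PublicKey, installed int) bool {
	if !ed25519.Verify(pinned, r.Manifest, r.Signature) {
		return false
	}
	var m Manifest
	if err := json.Unmarshal(r.Manifest, &m); err != nil {
		return false
	}
	if m.Version <= installed {
		return false
	}
	return m.SHA256 == sha256Hex(r.Image)
}

// evilgrade models an on-path attacker replacing the legitimate response with
// an attacker-controlled image and a freshly built, unsigned manifest.
func evilgrade(r Response, payload []byte) Response {
	var m Manifest
	_ = json.Unmarshal(r.Manifest, &m)
	return makeResponse(m.Version+1, payload, nil)
}

// Scenario runs both clients against an intercepted update and the genuine one.
// It returns (naiveAcceptsTampered, hardenedAcceptsTampered, hardenedAcceptsGenuine).
func Scenario() (bool, bool, bool) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	legit := makeResponse(2, []byte("constructed firmware v2"), priv)
	evil := evilgrade(legit, []byte("constructed backdoored firmware"))
	installed := 1
	return naiveAccept(evil), verifiedAccept(evil, pub, installed), verifiedAccept(legit, pub, installed)
}

// RollbackRejected shows that a genuinely signed but older image is refused.
func RollbackRejected() bool {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	old := makeResponse(1, []byte("constructed firmware v1"), priv)
	return !verifiedAccept(old, pub, 2)
}

func main() {
	n, h, l := Scenario()
	fmt.Printf("weak client installs tampered update:      %v\n", n)
	fmt.Printf("verifying client installs tampered update: %v\n", h)
	fmt.Printf("verifying client installs signed update:   %v\n", l)
	fmt.Printf("verifying client refuses rollback:         %v\n", RollbackRejected())
}
```

The signature is over the manifest rather than the whole image so that the device can verify a small blob before streaming a large one, but the image is still bound to the manifest through its hash; transport security (TLS with a pinned CA) is a complement, not a substitute, because it does nothing against a compromised update server or a key-less device image.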

Timeline
========================================================================
2015/06/07 - Vendor notified via email
2015/08/20 - Vendor agrees to patch devices
2015/10/14 - Vendor releases patches
2015/11/24 - Coordinated with CERT for public release
2015/12/06 - Public vulnerability release

Solution
========================================================================
Update the following Edimax WiFi devices to at least the following versions:

1. BR-6478AC v2.20
2. BR-6208AC v1.28
3. BR-6288ACL v1.10
4. BR-6228nS_v2 v1.22
5. BR-6228nC_v2 v1.22
6. BR-6428nS_v2 v1.16
7. BR-6428nC v1.16
