[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-Id: <20120210074003.441B86F443@smtp.hushmail.com>
Date: Fri, 10 Feb 2012 07:40:03 +0000
From: farthvader@...h.ai
To: full-disclosure@...ts.grok.org.uk
Subject: Linksys Routers still Vulnerable to Wps
vulnerability.
Don't buy Linksys Routers they are vulnerable to Wifi unProtected
Setup Pin registrar Brute force attack.
No patch or workaround exist at the making of this post.
Vulnerable list and alleged patch availability:
source:http://www6.nohold.net/Cisco2/ukp.aspx?vw=1&articleid=25154
E1000 To Be Disclosed (aka we don't have idea)
E1000 v2 To Be Disclosed
E1000 v2.1 To Be Disclosed
E1200 v1 early March
E1200 v2 early March
E1500 early March
E1550 mid March
E2000 To Be Disclosed
E2100L mid March
E2500 early March
E3000 To Be Disclosed
E3200 early March
E4200 v1 early March
E4200 v2 To Be Disclosed
M10 To Be Disclosed
M20 To Be Disclosed
M20 v2 To Be Disclosed
RE1000 early March
WAG120N To Be Disclosed
WAG160N To Be Disclosed
WAG160N v2 To Be Disclosed
WAG310G To Be Disclosed
WAG320N To Be Disclosed
WAG54G2 To Be Disclosed
WAP610N To Be Disclosed
WRT110 To Be Disclosed
WRT120N To Be Disclosed
WRT160N v1 To Be Disclosed
WRT160N v2 To Be Disclosed
WRT160N v3 To Be Disclosed
WRT160NL To Be Disclosed
WRT310N v1 To Be Disclosed
WRT310N v2 To Be Disclosed
WRT320N To Be Disclosed
WRT400N To Be Disclosed
WRT54G2 v1 To Be Disclosed
WRT54G2 v1.3 To Be Disclosed
WRT54G2 v1.5 To Be Disclosed
WRT54GS2 v1 To Be Disclosed
WRT610N v1 To Be Disclosed
WRT610N v2 To Be Disclosed
X2000 To Be Disclosed
X2000 v2 To Be Disclosed
X3000 To Be Disclosed
The question is why a big company like Cisco/Linksys didn't release a
patch since almost 1 month and a half ?.
Well i have circumstantial evidence that Cisco outsource some of their
Linksys firmware routers to other companies (Arcadyan for example.) in
some cases source code is only available through NDA's or not
available at all. That's why they are taking so long to release a fix
to the WPS vulnerability. Fixing a vulnerability like this with all
the bureoucratic, QA and legal process wouldn't take no more than 2
weeks. I found some GPL violations by the way but this is beyond the
scope of this message (obfuscating firmware it's useless you now).
I apologize if i offended someone but IT security it's serious
business specially if someone use your wifi to commit crimes.
This vulnerability contains public and very easy to use exploit code,
it's not a Denial of Service.
Farth Vader.
Content of type "text/html" skipped
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists