Message-ID: <50EED6DA.6040309@defensecode.com>
Date: Thu, 10 Jan 2013 15:57:30 +0100
From: DefenseCode <defensecode@...ensecode.com>
To: "full-disclosure@...ts.grok.org.uk" <full-disclosure@...ts.grok.org.uk>
Subject: DefenseCode Security Advisory (UPCOMING): Cisco Linksys Remote Preauth 0day Root Exploit

DefenseCode Security Advisory (UPCOMING): Cisco Linksys Remote Preauth 0day Root Exploit

Story behind the vulnerability...

Months ago, we contacted Cisco about a remote preauth (root access) vulnerability in the default installation of their Linksys routers that we've discovered. We gave them a detailed vulnerability description along with the PoC exploit for the vulnerability.

They said that this vulnerability was already fixed in the latest firmware release... Well, not this particular vulnerability, since the latest official Linksys firmware - 4.30.14, and all previous versions are still vulnerable.

The exploit shown in this video has been tested on Cisco Linksys WRT54GL, but other Linksys versions/models are probably also affected.

Cisco Linksys is a very popular router with more than 70,000,000 routers sold. That's why we think that this vulnerability deserves attention.

According to our vulnerability disclosure policy, the vulnerability details will be disclosed in the following 2 weeks on http://www.defensecode.com/ , BugTraq and Full Disclosure.

Due to the severity of this vulnerability, once again we would like to urge Cisco to fix this vulnerability.

The vulnerability is demonstrated in the following video:
http://www.youtube.com/watch?v=cv-MbL7KFKE&hd=1

Kind Regards,
DefenseCode LTD.

E-mail: defensecode[at]defensecode.com
Website: http://www.defensecode.com
Advisory URL: http://www.defensecode.com/article/upcoming_cisco_linksys_remote_preauth_root_exploit-33

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/