Smokey Bear | veritas odium parit | Premium
| reply to antdude |
Re: Dangerous remote Linksys 0-day root exploit discovered
Update DefenseCode Security Blog | January 30, 2013
said by DefenseCode: Source: »blog.defensecode.com/2013/01/bro···ode.html
During the security evaluation of Cisco Linksys routers for a client, we have discovered a critical security vulnerability that allows a remote unauthenticated attacker to remotely execute arbitrary code under root privileges.
Upon the initial vulnerability announcement a few weeks ago, a Cisco spokesman stated that only one router model is vulnerable - WRT54GL.
We have continued with our research and found that, in fact, the same vulnerable firmware component is also used in at least two other Cisco Linksys models - WRT54G3G and probably WRT310N. Could be others.
Moreover, the vulnerability turns out to be even more dangerous, since we have discovered that the same vulnerable firmware component is also used across many other big-brand router manufacturers and many
The vulnerability itself is located in the Broadcom UPnP stack, which is used by many router manufacturers that produce or produced routers based on the Broadcom chipset. We have contacted them with vulnerability details and we expect patches soon.
However, we would like to point out that we have sent more than 200 e-mails to various router manufacturers and various people, without much success.
Some of the manufacturers contacted regarding this vulnerability are:
- US Robotics
- and so on.
DefenseCode Security Advisory Broadcom UPnP Remote Preauth Code Execution Vulnerability (PDF): »www.defensecode.com/public/Defen···sory.pdf
»bit.ly/gUqYaH - C. Brian Smith: Think of the exclamation point as a car horn: a little goes a long way. Lay on it too hard and everyone's going to think you're a moron.
»bit.ly/V5mACB - How-To: Destroying a faulty keyboard
After reading this - is the UPnP part relevant to this topic?
»Security Flaws in Universal Plug-n-Play: Unplug, Don't Play
I'm not sure where to post now, but I'm being specific to Broadcom chipsets and this topic isn't a discussion on them.
The only thing necessary for the triumph of evil is for good men to do nothing - Edmund Burke