dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
2684
share rss forum feed


antdude
A Ninja Ant
Premium,VIP
join:2001-03-25
United State
kudos:4

Dangerous remote Linksys 0-day root exploit discovered!

1:51PM »www.net-security.org/secworld.php?id=14234

Uh oh. I have that old router too!



NetFixer
Snarl For The Camera Please
Premium
join:2004-06-24
The Boro
Reviews:
·Cingular Wireless
·Comcast Business..
·Vonage
·Comcast

3 recommendations

said by antdude:

1:51PM »www.net-security.org/secworld.php?id=14234

Uh oh. I have that old router too!

What is being demonstrated in their video is not a remote exploit. Launching an application targeting 192.168.1.1 is not going to access a remote router.

Perhaps they have more that they are not showing in the video, but accessing a router from its LAN interface is not necessarily the same as accessing it from its WAN interface (which would be a requirement to be called a remote exploit). If an intruder already has access to your LAN, it is not your network anymore (whether they get root access to your perimeter router or not).
--
A well-regulated militia, being necessary to the security of a free State, the right of the people to keep and bear arms shall not be infringed.

When governments fear people, there is liberty. When the people fear the government, there is tyranny.


BoToMaTiC

join:2003-10-29
Louisville, KY

1 recommendation

reply to antdude

Cisco/Linksys just released new firmware for the WRT54GL, don't know about other routers.

»homesupport.cisco.com/en-us/supp···/WRT54GL

Firmware
01/10/2013

Firmware 4.30.16 (build 4)
- Resolves XSS issue.



antdude
A Ninja Ant
Premium,VIP
join:2001-03-25
United State
kudos:4
Reviews:
·Time Warner Cable

said by BoToMaTiC:

Cisco/Linksys just released new firmware for the WRT54GL, don't know about other routers.

»homesupport.cisco.com/en-us/supp···/WRT54GL

Firmware
01/10/2013

Firmware 4.30.16 (build 4)
- Resolves XSS issue.

I will try it over the weekend or so. You guys go first. :P

XSS - Cross site scripting?


BoToMaTiC

join:2003-10-29
Louisville, KY

1 recommendation

said by antdude:

said by BoToMaTiC:

Cisco/Linksys just released new firmware for the WRT54GL, don't know about other routers.

»homesupport.cisco.com/en-us/supp···/WRT54GL

Firmware
01/10/2013

Firmware 4.30.16 (build 4)
- Resolves XSS issue.

I will try it over the weekend or so. You guys go first. :P

XSS - Cross site scripting?

I have already upgraded, did 30-30-30 reset, redid my settings and everything seems fine.

XSS - Cross site scripting?
That's what it looks like.

hardly
Premium
join:2004-02-10
USA

Anyone know if this works properly on at WRT54G v4 ? (supposedly identical to WRT54GL v1)



jbob
Reach Out and Touch Someone
Premium
join:2004-04-26
Little Rock, AR

1 edit
reply to antdude

Does anyone actually run the Linksys firmware on these routers? I think many here, at least they should, are running a third party firmware.



antdude
A Ninja Ant
Premium,VIP
join:2001-03-25
United State
kudos:4
Reviews:
·Time Warner Cable

1 recommendation

said by jbob:

Does anyone actually run the Linksys firmware on these routers? I think many hear, at least they should, are running a third party firmware.

I do. The problem is its complex instructions and easy to brick. I don't want to try it until I have a spare wireless router to use in case something goes wrong.
--
Ant @ AQFL.net and AntFarm.ma.cx. Please do not IM/e-mail me for technical support. Use this forum or better, »community.norton.com ! Disclaimer: The views expressed in this posting are mine, and do not necessarily reflect the views of my employer.


unknvoip
RIP goose
Premium
join:2006-07-25
Rochester, NY
kudos:1
Reviews:
·ViaTalk

1 recommendation

reply to jbob

said by jbob:

Does anyone actually run the Linksys firmware on these routers? I think many hear, at least they should, are running a third party firmware.

Based on the number of times I see wireless ssid's of LYNKSYS, yes many people are running that firmware. A fair number of them have the default password I am guessing. Most of those people don't read dslreports and don't know anything about 3rd party firmware.


Bill_MI
Bill In Michigan
Premium,MVM
join:2001-01-03
Royal Oak, MI
kudos:2
Reviews:
·WOW Internet and..

1 recommendation

reply to antdude

Here's the source of all this:
»www.defensecode.com/article/upco···ploit-33

You can try to read between the lines all day with speculation. For example, XSS is the process of inserting code to run as trusted in web pages and the demo EXE may simply represent that code that could come from a webpage but run locally. But public demos giving away much detail wouldn't be in their best interest, too.

DefenseCode does say they tested WRT54GL 4.30.14 which is earlier than the 4.30.16 which is dated the same day as the DefenseCode announcement. Kinda strange.

Conclusion: No way to know. Just speculate. We have 2 days before they say they will disclose. At that time we'll learn much more.



CylonRed
Premium,MVM
join:2000-07-06
Bloom County

1 recommendation

reply to jbob

said by jbob:

Does anyone actually run the Linksys firmware on these routers? I think many here, at least they should, are running a third party firmware.

Yes - I do - thought about using 3rd party but the Linksys firmware works perfectly fine for me.
--
Brian

"It drops into your stomach like a Abrams's tank.... driven by Rosanne Barr..." A. Bourdain


Bill_MI
Bill In Michigan
Premium,MVM
join:2001-01-03
Royal Oak, MI
kudos:2
Reviews:
·WOW Internet and..

1 edit

1 recommendation

I'll do some speculation just to see how close I am...

Many of you may have noticed when you try to access your own public IP you get the router web page. Still true? My speculation is that this rule is made advantage of. It's not your LAN IP it's a public IP (that happens to be your own) so it'll get by a lot of security fixes against local addressing. Cross-Site Scripting (XSS) had exploits to access local LAN addresses but this Linksys quirk is sort of an invitation.

IF that's all it is... securing your password off default would be #1. But everyone here should already know THAT, anyway.



NetFixer
Snarl For The Camera Please
Premium
join:2004-06-24
The Boro
Reviews:
·Cingular Wireless
·Comcast Business..
·Vonage
·Comcast

said by Bill_MI:

I'll do some speculation just to see how close I am...

Many of you may have noticed when you try to access your own public IP you get the router web page. Still true? My speculation is that this rule is made advantage of. It's not your LAN IP it's a public IP (that happens to be your own) so it'll get by a lot of security fixes against local addressing. Cross-Site Scripting (XSS) had exploits to access local LAN addresses but this Linksys quirk is sort of an invitation.

IF that's all it is... securing your password off default would be #1. But everyone here should already know THAT, anyway.

Of course, if the Linksys router(s) in question have a default backdoor password, that might not help. My Netgear WNR1000v2-VC (running stock Netgear firmware) has such a hidden "root" password, and I take advantage of it when I occasionally need to look at something that the html admin pages don't show me by running a Netgear utility called "TelnetEnable". That utility does exactly what the POC seems to be doing, it opens up a Linux command line interface (with "root" privileges) to the router (and the "admin" password I have setup is irrelevant to this process).
--
A well-regulated militia, being necessary to the security of a free State, the right of the people to keep and bear arms shall not be infringed.

When governments fear people, there is liberty. When the people fear the government, there is tyranny.


Bill_MI
Bill In Michigan
Premium,MVM
join:2001-01-03
Royal Oak, MI
kudos:2
Reviews:
·WOW Internet and..

said by NetFixer:

Of course, if the Linksys router(s) in question have a default backdoor password, that might not help.

Absolutely!

I know it's a Linux environment but do I recall logging in can use a (BLANK) or any username? Or do you have to sign in with user "root"? I vaguely recall, like other Linksys routers, they may have hacked in that compatibility. It's just that kind of change that can open a vulnerability if it's done wrong.


planet

join:2001-11-05
Oz
kudos:1
Reviews:
·Cox HSI

1 recommendation

reply to antdude

said by antdude:

said by jbob:

Does anyone actually run the Linksys firmware on these routers? I think many hear, at least they should, are running a third party firmware.

I do. The problem is its complex instructions and easy to brick. I don't want to try it until I have a spare wireless router to use in case something goes wrong.

What antdude said:
»Linksys E1000: Is it bricked?

My E1000 is now a paperweight.


jbob
Reach Out and Touch Someone
Premium
join:2004-04-26
Little Rock, AR

said by planet:

said by antdude:

said by jbob:

Does anyone actually run the Linksys firmware on these routers? I think many hear, at least they should, are running a third party firmware.

I do. The problem is its complex instructions and easy to brick. I don't want to try it until I have a spare wireless router to use in case something goes wrong.

What antdude said:
»Linksys E1000: Is it bricked?

My E1000 is now a paperweight.

To be clear my comment about not using the Linksys firmware was for the router in question. The 54GL.

I'm not sure what is so hard about flashing the GL series router. It is so user friendly. Flashing this thing couldn't get any easier. Just pick DD-WRT or Tomato and flash away. There are so many more options available via these two third party firmwares that it makes not using them foolish. lol But I also understand if one doesn't really want to. If the stock firmware works what more can you ask for! Oh another exploit!


Bill_MI
Bill In Michigan
Premium,MVM
join:2001-01-03
Royal Oak, MI
kudos:2
Reviews:
·WOW Internet and..

DefenseCode finally released their findings. It's related to the uPnP abomination (see »Security Flaws in Universal Plug-n-Play: Unplug, Don't Play) but specific to Broadcom devices.

»blog.defensecode.com/2013/01/bro···ode.html