Thursday 17 January 2013

Security Issues for Cisco Routers Uncovered

Researchers have uncovered a root exploit zero-day affecting the default installation of an unknown number of Cisco’s Linksys routers. Cisco  has been urged to fix the potentially serious vulnerability before they release the full PoC on BugTraq and Full Disclosure in two weeks, per the vulnerability disclosure policy. The exploit on the Cisco Linksys WRT54GL model  was  performed and believe that other models are vulnerable as well. They aren’t entirely certain how many router models are impacted by the flaw, but they note that Cisco has sold some 70 million Linksys routers. The group claims to have previously reported the vulnerability to Cisco along with its proof-of-concept. Cisco allegedly responded to disclosure, telling them that the bug had been resolved in the most recent firmware update. The group later then tested their PoC again and determined that the current version of the router (4.30.14) and all previous versions remain vulnerable.
A Cisco spokesperson confirmed the vulnerability's existence via email, but claimed that the flaw only affected the Linksys WRT54GL home router, the same model on which the group tested their exploit. The spokesperson for Cisco assured claimed that Cisco has developed and is currently testing a fix for the issue. In the meantime, Cisco advises that customers using the WRT54GL router model stay safe by maintaining a securely configured wireless router.

No comments:

Post a Comment