Researchers have uncovered a root exploit zero-day affecting the
default installation of an unknown number of Cisco’s Linksys routers.
Cisco has been urged to fix the potentially serious vulnerability
before the researchers release the full PoC on BugTraq and Full
Disclosure in two weeks, per the vulnerability disclosure policy. The
researchers performed the exploit on the Cisco Linksys WRT54GL model and
believe that other models are vulnerable as well. They aren’t entirely certain how many
router models are impacted by the flaw, but they note that Cisco has
sold some 70 million Linksys routers. The group claims to have
previously reported the vulnerability to Cisco along with its
proof-of-concept. Cisco allegedly responded to the disclosure, telling them
that the bug had been resolved in the most recent firmware update. The
group later tested their PoC again and determined that the current
version of the router (4.30.14) and all previous versions remain
vulnerable.

A Cisco spokesperson confirmed the vulnerability's
existence via email, but claimed that the flaw only affected the Linksys
WRT54GL home router, the same model on which the group tested their
exploit. The spokesperson claimed that Cisco has
developed and is currently testing a fix for the issue. In the meantime,
Cisco advises that customers using the WRT54GL router model stay safe
by maintaining a securely configured wireless router.