Zero Day Vulnerability in Cisco Linksys Routers
The 0day vulnerability time continues. This time, Cisco Linksys products are affected.
As it became known , the vulnerability allows the external network to access the device as the root user without authentication. Vulnerable versions of Linksys firmware up to:
4.30.14 inclusive. There are currently no recommendations for protection. Thus, currently all available versions of the Linksys firmware are vulnerable, which puts at risk about 70 million devices on the network.
Cisco was notified of the problem a few months ago, but the fix was never released. Researchers who discovered the vulnerability plan to reveal the details together with the demo PoC code within 2 weeks.
While video demonstration of vulnerability is available. Judging by it, from the third time it was possible to get unauthorized access to the device. Cisco Linksys WRT54GL was chosen as the victim.
As it became known , the vulnerability allows the external network to access the device as the root user without authentication. Vulnerable versions of Linksys firmware up to:
4.30.14 inclusive. There are currently no recommendations for protection. Thus, currently all available versions of the Linksys firmware are vulnerable, which puts at risk about 70 million devices on the network.
Cisco was notified of the problem a few months ago, but the fix was never released. Researchers who discovered the vulnerability plan to reveal the details together with the demo PoC code within 2 weeks.
While video demonstration of vulnerability is available. Judging by it, from the third time it was possible to get unauthorized access to the device. Cisco Linksys WRT54GL was chosen as the victim.