mailing list archives
DefenseCode Security Advisory (UPCOMING): Cisco Linksys Remote Preauth 0day Root Exploit
From: DefenseCode <defensecode () defensecode com>
Date: Thu, 10 Jan 2013 15:58:43 +0100
DefenseCode Security Advisory (UPCOMING): Cisco Linksys Remote Preauth
0day Root Exploit
Story behind the vulnerability...
Months ago, we've contacted Cisco about a remote preauth (root access)
in default installation of their Linksys routers that we've discovered.
We gave them
detailed vulnerability description along with the PoC exploit for the
They said that this vulnerability was already fixed in latest firmware
Well, not this particular vulnerability, since the latest official
Linksys firmware -
4.30.14, and all previous versions are still vulnerable.
Exploit shown in this video has been tested on Cisco Linksys WRT54GL,
Linksys versions/models are probably also affected.
Cisco Linksys is a very popular router with more than 70,000,000 routers
That's why we think that this vulnerability deserves attention.
According to our vulnerability disclosure policy, the vulnerability
details will be
disclosed in following 2 weeks on http://www.defensecode.com/ , BugTraq and
Due to the severity of this vulnerability, once again we would like to
to fix this vulnerability.
The vulnerability is demonstrated in the following video:
- DefenseCode Security Advisory (UPCOMING): Cisco Linksys Remote Preauth 0day Root Exploit DefenseCode (Jan 10)