Full Disclosure: AirOS remote root 0day

AirOS remote root 0day

From: Christopher Granger <chrisgrangerx () gmail com>
Date: Fri, 23 Dec 2011 16:46:28 +0000

Does anyone have additional information about this vulnerability?

It looks like it can be exploited by requesting:

http://[X.X.X.X]/admin.cgi/[any or no filename string].css

Although http://gregsowell.com/?p=3428 states: "The exploit appears to be a
flaw in the admin.cgi file(CORRECTION…IT IS ALL PAGES SO WE WILL BLOCK ALL
CGI)."

However, this last runs counter to what I've seen so far ...

Thanks,
-Chris

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

By Date By Thread

Current thread:

AirOS remote root 0day sd (Dec 22)
- <Possible follow-ups>
- AirOS remote root 0day Christopher Granger (Dec 24)
  - Re: AirOS remote root 0day sd (Dec 25)