Full Disclosure: Re: Linksys Routers still Vulnerable to Wps vulnerability.

[Dan Kaminsky <dan () doxpara com>]

"Fixing a vulnerability like this with all the bureoucratic, QA and legal process wouldn't take no more than 2 weeks"

If bureaucratic, QA, and legal issues emerge, you can't even get the names of the people you need to speak to in less 
than 2 weeks, let alone schedule a conference call. Fixing?  Heh.  

Aside from rate limiting WPS, there isn't much of a fix, and you can't turn it off either.

Sent from my iPhone

On Feb 10, 2012, at 2:40 AM, farthvader () hush ai wrote:

> Don't buy Linksys Routers they are vulnerable to Wifi unProtected Setup Pin registrar Brute force attack.
> No patch or workaround exist at the making of this post.
>
> Vulnerable list and alleged patch availability:
> source:http://www6.nohold.net/Cisco2/ukp.aspx?vw=1&articleid=25154
>
>  E1000      To Be Disclosed (aka we don't have idea)
>  E1000 v2      To Be Disclosed
>  E1000 v2.1      To Be Disclosed
>  E1200 v1     early March
>  E1200 v2     early March
>  E1500     early March
>  E1550     mid March
>  E2000     To Be Disclosed
>  E2100L     mid March
>  E2500     early March
>  E3000     To Be Disclosed 
>  E3200     early March
>  E4200 v1     early March
>  E4200 v2     To Be Disclosed
>  M10     To Be Disclosed
>  M20     To Be Disclosed
>  M20 v2     To Be Disclosed
>  RE1000     early March
>  WAG120N     To Be Disclosed
>  WAG160N     To Be Disclosed
>  WAG160N v2     To Be Disclosed
>  WAG310G     To Be Disclosed
>  WAG320N     To Be Disclosed
>  WAG54G2     To Be Disclosed
>  WAP610N     To Be Disclosed
>  WRT110     To Be Disclosed
>  WRT120N     To Be Disclosed
>  WRT160N v1     To Be Disclosed
>  WRT160N v2     To Be Disclosed
>  WRT160N v3     To Be Disclosed
>  WRT160NL     To Be Disclosed
>  WRT310N v1     To Be Disclosed
>  WRT310N v2     To Be Disclosed
>  WRT320N     To Be Disclosed
>  WRT400N     To Be Disclosed
>  WRT54G2 v1     To Be Disclosed
>  WRT54G2 v1.3     To Be Disclosed
>  WRT54G2 v1.5     To Be Disclosed
>  WRT54GS2 v1     To Be Disclosed
>  WRT610N v1     To Be Disclosed
>  WRT610N v2     To Be Disclosed
>  X2000     To Be Disclosed
>  X2000 v2     To Be Disclosed
>  X3000     To Be Disclosed
>
> The question is why a big company like Cisco/Linksys didn't release a patch since almost 1 month and a half ?.
>
> Well i have circumstantial evidence that Cisco outsource some of their Linksys firmware routers to other companies 
> (Arcadyan for example.) in some cases source code is only available through NDA's or not available at all. That's why 
> they are taking so long to release a fix to the WPS vulnerability. Fixing a vulnerability like this with all the 
> bureoucratic, QA and legal process wouldn't take no more than 2 weeks. I found some GPL violations by the way but 
> this is beyond the scope of this message (obfuscating firmware it's useless you now).
>
> I apologize if i offended someone but IT security it's serious business specially if someone use your wifi to commit 
> crimes.
> This vulnerability contains public and very easy to use exploit code, it's not a Denial of Service.
>
>
> Farth Vader.
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/