Remote zero-day hole found in Linksys routers

Powered by SC Magazine
 

Researchers say all routers likely affected.

A zero-day vulnerability has been discovered in popular Cisco Linksys routers that allows hackers to gain remote root access.

The hole affects default installations of Linksys routers and is demonstrated in a proof of concept video.

A zero day attack is one which exploits a previously unknown vulnerability. 

An exploit was successfully tested against a Linksys model WRT54GL router by researchers at security firm DefenseCode, who said other models "are probably also affected".

 Cisco claims to have sold more than 70 million Linksys routers globally.

DefenseCode said all firmware versions are vulnerable, and claimed Cisco incorrectly stated the hole was fixed in its latest firmware release.

"Due to the severity of this vulnerability, once again we would like to urge Cisco to fix this vulnerability," the security firm said in a statement.

A patch is due out this week, days ahead of DefenseCode's scheduled release of the full vulnerability details.

A spokesperson for Cisco/Linksys said the company "takes the security of our products and customers’ home networks very seriously.

"Although we can confirm contact with DefenseCode, we have no new vulnerability information related to our WRT54GL or other home routers to share with customers at this time," the spokesperson said. "We will continue to review new information that comes to light and will provide customer updates as appropriate."

Copyright © SC Magazine, Australia


Remote zero-day hole found in Linksys routers
 
 
 
Top Stories
Making a case for collaboration
[Blog post] Tap into your company’s people power.
 
Five zero-cost ways to improve MySQL performance
How to easily boost MySQL throughput by up to 5x.
 
Tracking the year of CIO churn
[Blog post] Who shone through in 12 months of disruption?
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
Which is the most prevalent cyber attack method your organisation faces?




   |   View results
Phishing and social engineering
  69%
 
Advanced persistent threats
  3%
 
Unpatched or unsupported software vulnerabilities
  10%
 
Denial of service attacks
  6%
 
Insider threats
  11%
TOTAL VOTES: 1092

Vote