Linksys Multiple E-Series Routers Multiple Security Bypass Vulnerabilities

ID: IRCAD2014023170
Release Date: 2014-02-24
Criticality level: Highly critical
Software:

Linksys E4200

Linksys EA2700

Linksys EA3500

Linksys EA4500

Description:

Multiple vulnerabilities have been reported in multiple Linksys E-Series routers, which can be exploited by malicious people to bypass certain security restrictions.

1) The device does not properly restrict access to tmUnblock.cgi and hndUnblock.cgi, which can be exploited to inject and execute arbitrary shell commands.

Note: Reportedly, this vulnerability is currently actively exploited in the wild.

2) The device does not properly restrict access to the access console, which can be exploited to gain access to otherwise restricted functionality via TCP port 8083.
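
A detection sketch for the two issues above, added here as an example and not part of the original advisory: it scans gateway logs for requests to the two CGI endpoints and for established connections to TCP port 8083 on a router. The log format, router addresses, LAN range and function names are assumptions chosen for illustration.

```python
import ipaddress
import posixpath
from urllib.parse import unquote, urlsplit

# Endpoint names and the port come from the advisory; the rest is assumed.
CGI_NAMES = {"tmunblock.cgi", "hndunblock.cgi"}
CONSOLE_PORT = 8083
ROUTERS = {"192.0.2.1", "192.168.1.1"}           # assumed router addresses
LAN = ipaddress.ip_network("192.168.1.0/24")     # assumed trusted range

def cgi_hit(uri):
    """True if the request path names one of the two CGI endpoints."""
    path = unquote(urlsplit(uri).path)           # drop query, undo %-encoding
    return posixpath.basename(posixpath.normpath(path)).lower() in CGI_NAMES

def classify(line):
    """Return an alert string for one log line, or None if it is benign."""
    fields = line.split()
    if len(fields) < 5:
        return None
    kind, ts, src, dst = fields[:4]
    host, _, port = dst.rpartition(":")
    if host not in ROUTERS or not port.isdigit():
        return None
    try:
        where = "LAN" if ipaddress.ip_address(src) in LAN else "WAN"
    except ValueError:                           # malformed source address
        return None
    if kind == "HTTP" and len(fields) >= 6 and cgi_hit(fields[5]):
        return f"{ts} {where} {src} requested {fields[5]} on {host}"
    if kind == "CONN" and int(port) == CONSOLE_PORT and fields[4] == "ESTABLISHED":
        return f"{ts} {where} {src} reached console port {port} on {host}"
    return None

def scan(lines):
    return [alert for alert in map(classify, lines) if alert]

# Constructed sample log; the format is hypothetical, not from any product.
SAMPLE = """\
HTTP 2014-02-24T10:00:01Z 198.51.100.7 192.0.2.1:80 POST /tmUnblock.cgi
HTTP 2014-02-24T10:00:05Z 192.168.1.20 192.168.1.1:80 GET /index.html
HTTP 2014-02-24T10:01:12Z 198.51.100.9 192.0.2.1:80 GET /%68ndUnblock.cgi?x=1
CONN 2014-02-24T10:02:30Z 203.0.113.4 192.0.2.1:8083 ESTABLISHED
CONN 2014-02-24T10:02:31Z 203.0.113.4 192.0.2.1:8083 REJECTED
CONN 2014-02-24T10:03:00Z 192.168.1.20 192.168.1.1:443 ESTABLISHED
""".splitlines()

if __name__ == "__main__":
    for alert in scan(SAMPLE):
        print(alert)
```

Any alert tagged WAN means the router's management surface is reachable from outside the trusted range and should be filtered upstream, since no vendor fix is listed.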

 
Solution:

No official solution is currently available.

References:
Reddit theMoon worm:
Kyle Lovett and Matt Claunch:
Secunia:
 

Creation date: 6 Esfand 1392
