Re: [Full-disclosure] Linksys Routers still Vulnerable to Wps vulnerability.
- From: Alex Buie <abuie@xxxxxxxxxxxxxxx>
- Date: Mon, 13 Feb 2012 06:47:09 -0500
Just morbidly curious, what did you use for the SSID?
On Feb 12, 2012 5:31 PM, "Derek" <derek@xxxxxxxxxxx> wrote:
They should at least consider providing an option to disable the static_______________________________________________
pin only or disable it after an hour if the future is activated by the user.
Seems to be something that could be included in a future firmware update.
For a vendor to provide another mechanism for a user to get remotely
hacked (within wireless TX/RX range) and not address it in a reasonable
amount of time, exposes the less technical user, who is was intended to
help in the first place.
It would be interesting to see if this feature went through a technical
security risk assessment and if so, how the static pin was rationalised for
public release.
I setup an isolated vulnerable device and had attack traffic within 2 days
of it being activated. I did make the SSID very attractive, but the war
drivers are certainly getting out of the house again.
Thanks
Derek
On 13/02/2012, at 1:47, Rob Fuller <jd.mubix@xxxxxxxxx> wrote:
I've tested a 6 models of Linksys, all of them appear to disable WPS_________________________________________________________________________
completely as soon as a single wireless setting is set. I assume this
would be the reason Cisco/Linksys aren't putting much stock in
'fixing' it further. If anyone has any experience to contradict this
or have a modification to current tools to circumvent what I've
perceived as disabled, I, as I'm sure Craig, would be very interested.
--
Rob Fuller | Mubix
Certified Checkbox Unchecker
Room362.com | Hak5.org
On Sat, Feb 11, 2012 at 4:23 PM, <farthvader@xxxxxxx> wrote:
_________________________________________________________________________"Use Tomato-USB OS on them."
_________________________________________________________________________
Besides you void warranty...
list of DD-WRT Supported routers:
E1000 supported
E1000 v2 supported
E1000 v2.1 supported
E1200 v1 ???
E1200 v2 ???
E1500 ???
E1550 ???
E2000 supported
E2100L supported
E2500 not supported
E3000 supported
E3200 supported
E4200 v1 not supported yet
E4200 v2 not supported
M10 ????
M20 ????
M20 v2 ????
RE1000 ????
WAG120N not supported
WAG160N not supported
WAG160N v2 not supported
WAG310G not supported
WAG320N not supported
WAG54G2 not supported
WAP610N not supported
WRT110 not supported
WRT120N not supported
WRT160N v1 supported
WRT160N v2 not supported
WRT160N v3 supported
WRT160NL supported
WRT310N v1 supported
WRT310N v2 not supported yet
WRT320N supported
WRT400N supported
WRT54G2 v1 supported
WRT54G2 v1.3 supported
WRT54G2 v1.5 not supported
WRT54GS2 v1 supported
WRT610N v1 supported
WRT610N v2 supported
X2000 not supported
X2000 v2 not supported
X3000 not supported.
turn it off either."
"Fixing? Heh.
Aside from rate limiting WPS, there isn't much of a fix, and you can't
_________________________________________________________________________
you got the pin after 7 month - 2 years for example, you are completely
What about removing WuPS entirely?
WuPS is a total failure because:
1. Even if everything is fine 8 digits long is very weak because once
pwned.
a string like "omgponnies"
2. Pin number is fixed you can't change it to a longer number or maybe
keypad only cell phones), if some people are lazy, you don't have to
3. Setting up a WPA2 password manually it's a piece of cake (even with
weakening the security of a strong protocol.
Farth Vader
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
- Follow-Ups:
- References:
- Prev by Date: Re: [Full-disclosure] Linksys Routers still Vulnerable to Wps vulnerability.
- Next by Date: [Full-disclosure] EditWRX CMS Remote Code Execution + Admin Bypass Zero Day
- Previous by thread: Re: [Full-disclosure] Linksys Routers still Vulnerable to Wps vulnerability.
- Next by thread: Re: [Full-disclosure] Linksys Routers still Vulnerable to Wps vulnerability.
- Index(es):
Relevant Pages
|
