UPDATE: Linksys router vulnerability (add'l models affected)

From: Seth Bromberger (sbbugtraq1102@yahoo.com)
Date: 11/20/02

    Date: Wed, 20 Nov 2002 12:37:48 -0800 (PST)
    From: Seth Bromberger <sbbugtraq1102@yahoo.com>
    To: bugtraq@securityfocus.com

    As a followup to the "Linksys router vulnerability"
    posting to this list on Monday, 18 November.

    Linksys has confirmed that this problem affects the
    following products IN ADDITION TO the products listed
    in the original posting:


    with firmware versions later than 1.42.7 (2.42.7 for
    the BEFSR81). From Linksys support:

    "Until the updated firmware is released, we recommend
    that users downgrade the firmware to an earlier
    release, or minimize the risk of an attack by
    disabling remote management of the device."
