UPDATE: Linksys router vulnerability (add'l models affected)

From: Seth Bromberger (sbbugtraq1102@yahoo.com)
Date: 11/20/02

  • Next message: Oleg A. Lebedev: "Allied Telesyn switches & routers vulnerability"
    Date: Wed, 20 Nov 2002 12:37:48 -0800 (PST)
    From: Seth Bromberger <sbbugtraq1102@yahoo.com>
    To: bugtraq@securityfocus.com
    
    

    As a followup to the "Linksys router vulnerability"
    posting to this list on Monday, 18 November.

    Linksys has confirmed that this problem affects the
    following products IN ADDITION TO the products listed
    in the original posting:

    BEFVP41
    BEFSX41
    BEFSR81
    BEFN2PS4
    HPRO200

    with firmware versions later than 1.42.7 (2.42.7 for
    the BEFSR81). From Linksys support:

    "Until the updated firmware is released, we recommend
    that users downgrade the firmware to an earlier
    release, or minimize the risk of an attack by
    disabling remote management of the device."

    __________________________________________________
    Do you Yahoo!?
    Yahoo! Web Hosting - Let the expert host your site
    http://webhosting.yahoo.com



    Relevant Pages

    • [NEWS] Vulnerability Report for Linksys Devices
      ... - Linksys BEFSR81. ... Firmware v1.42.7 ... Known to be vulnerable to some of the bugs here described: ... them, as far as Carlos could verify, are post authentication. ...
      (Securiteam)
    • CORE-20021005: Vulnerability Report For Linksys Devices
      ... Vulnerability Report For Linksys Devices ... Remotely exploitable Buffer overflows and Authentication ... on the internet, upload a new firmware, and perform any other configuration ...
      (Bugtraq)
    • Re: Linksys routers, SNMP issues
      ... Note that the BEFSR41 (and most likely numerous other Linksys ... the latest firmware upgrades fix most models. ... Enterprise Specific Trap Uptime: 2 days, 19:00:23.36, ...
      (Bugtraq)
    • IS-2010-003 - Linksys WAP54Gv3 debug.cgi Cross-Site Scripting
      ... Manufacturer: Linksys ... Successfully tested on Linksys WAP54Gv3 loaded with firmware version ... A cross-site scripting vulnerability is present in the debug.cgi page, ...
      (Bugtraq)
    • Linksys router vulnerability
      ... Linksys products running affected firmware versions ... This bug affects ... It appears that the Linksys HTTP management interface ...
      (Bugtraq)