(LiveHacking.Com) – A zero-day remote root access vulnerability has been found the Linksys WRT54GL routers with the possibility that other routers in the range are also affected. The vulnerability was found by DefenseCode who published a proof-of-concept video on YouTube.
According to DefenseCode, Cisco was contacted about the remote preauth (root access) vulnerability several months ago. The company also passed-on a detailed vulnerability description along with the PoC exploit for the vulnerability.
It seems that Cisco thought that the vulnerability was already fixed in the latest firmware, but according to DefenseCode it isn’t.
“Although we can confirm contact with DefenseCode, we have no new vulnerability information related to our WRT54GL or other home routers to share with customers at this time. We will continue to review new information that comes to light and will provide customer updates as appropriate,” said a Cisco spokeswoman told SC Magazine Australia.
However Cicso, who owns the Linksys brand, did finally admit to the problem: “Following our assessment of information recently released by DefenseCode, we have confirmed a vulnerability in the Linksys WRT54GL home router,” the company said in a e-mail to The Register. “At this point, no other Linksys products appear to be impacted.”
DefenseCode says that it will make a full disclosure of the vulnerability in the next two weeks.