[Discuss] Remote Vulnerabilities :: Linksys WRT54G routers
Bernd Petrovitsch
(spam-protected)
Do Sep 22 15:32:45 CEST 2005
On Wed, 2005-09-21 at 19:56 +0200, bernd essl wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Linksys WRT54G Wireless Router Multiple Remote Vulnerabilities
> BugTraq ID: 14822
> Remote: Yes
> Date Published: 2005-09-13
> Relevant URL: http://www.securityfocus.com/bid/14822
> Summary:
> Multiple vulnerabilities have been identified in Linksys WRT54G
> routers. These issue all require that an attacker have access to
> either the wireless, or internal LAN network segments of the affected
> device. Exploitation from the WAN interface is only possible if the
> affected device has remote management enabled.
>
> This issue allows attackers to:
> - - Download and replace the configuration of affected routers.
> - - Execute arbitrary machine code in the context of the affected device.
> - - Utilize HTTP POST requests to upload router configuration and
> firmware files without proper authentication
> - - Degrade the performance of affected devices and cause the Web server
> to become unresponsive, potentially denying service to legitimate users.
Wenn ich den Link oben richtig interpretier, bezieht sich das auf die
Originalfirmware.
Und es ist gut, daß man die (so) austauschen kann .....
Bernd
--
Firmix Software GmbH http://www.firmix.at/
mobil: +43 664 4416156 fax: +43 1 7890849-55
Embedded Linux Development and Services
Mehr Informationen über die Mailingliste Discuss