DSL router remotely controlled by URL

From The H Security

Security researcher Michal Sajdak revealed at CONFidence 2009 in Krakow in mid-May that it’s relatively easy to make the Linksys WAG54G2 WLAN DSL router execute arbitrary shell commands. He has now published [securitum.pl] further details.

Sajdak discovered that it’s easy to add a shell command to a POST request and have the router execute it. To test this, all you need is a proxy that can modify the POST request before it’s sent. Sajdak says he told the manufacturer, Cisco, about the error in March and his message was acknowledged, but he has received no report of a fix as yet. Read the full story [h-online.com]

From The H Security

Security researcher Michal Sajdak revealed at CONFidence 2009 in Krakow in mid-May that it’s relatively easy to make the Linksys WAG54G2 WLAN DSL router execute arbitrary shell commands. He has now published [securitum.pl] further details.

Sajdak discovered that it’s easy to add a shell command to a POST request and have the router execute it. To test this, all you need is a proxy that can modify the POST request before it’s sent. Sajdak says he told the manufacturer, Cisco, about the error in March and his message was acknowledged, but he has received no report of a fix as yet. Read the full story [h-online.com]

Suggested articles

Cisco Patches High-Severity Bug in VoIP Phones

Cisco also patched three medium-security flaws in its network security offerings; and, it issued a fix for a high-severity bug in its platform for mobile operator routers, StarOS.

Discussion

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.