Linksys root exploit

Discussion in 'Tomato Firmware' started by Morac, Jan 15, 2013.

  1. Morac

    Morac Network Guru Member

    Linksys firmware has a root exploit.

    Any idea if this applies to Tomato running on Linksys (i.e. how much of tomato source is from Linksys).
  2. ryzhov_al

    ryzhov_al Addicted to LI Member

    That's not fair! They are hacking the router from the LAN segment, where there is no defense by design. How many ways are there to DDoS or hang the router from inside via Samba or some other daemons? Dozens? Maybe hundreds?

    It's not so serious as they describe.
  3. Monk E. Boy

    Monk E. Boy Network Guru Member

    "Remote root access" implies the access is possible across the internet, not on a LAN/WLAN segment. If this is only exploitable on LAN/WLAN then its attack surface is far less. A guy in another country would have to show up in your driveway, bypass all your WPA2 encryption (you ARE running with WPA2 security... right?), and then - once he's on your WLAN - be able to gain root access to your router.

    "According to numbers available on the Internet, Cisco Linksys is a very popular router" I'm going to have to assume comes from a bad translation, because Cisco/Linksys is a router manufacturer that manufactures a wide array of routers, not just the WRT54GL. Many of them don't even run Linux, at least not unless you flash a third party firmware onto it.

    Hopefully more details emerge on this soon since right now it looks like an atypical "reporter contacted by firm about vulnerability, appropriate buzzwords fit into correct places in reporter's mind, reporter only relays buzzwords but no genuinely relevant info" case.
  4. mstombs

    mstombs Network Guru Member

    Wow, break into the LAN on a 6+ year old firmware. I suggest it's just using the old UPnP interface which Linksys used to use to allow configuration from their setup CD app. I see port 5555 being used.
    Let's not forget though that the original Linksys firmware on the WRT54G had the "ping exploit" which allowed hackers into the Linux router and was the start of great things!
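    The posts above turn on one practical question: is the service on port 5555 (or any other daemon) bound so that it answers on the WAN side, or only on the LAN? The following is an added example, not code from the thread or from Linksys/Tomato. It parses a constructed `netstat -ln` listing (the addresses and ports are made up for illustration, not captured from a real device) and separates listeners that a WAN client could reach from LAN-only ones. The router addresses, the interface names and the "WAN accept list" are assumptions; on a real Tomato box the WAN INPUT chain is default-deny, so a 0.0.0.0 bind alone does not make a daemon remotely reachable, which is why the last function also takes the accepted (proto, port) pairs into account.

```python
import re
from dataclasses import dataclass

# Constructed sample of `netstat -ln` output from a Linux/BusyBox router.
# Hypothetical addresses and ports for illustration only, not captured from a real device.
SAMPLE_NETSTAT = """\
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:5555            0.0.0.0:*               LISTEN
tcp        0      0 192.168.1.1:80          0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:23              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN
udp        0      0 0.0.0.0:1900            0.0.0.0:*
udp        0      0 192.168.1.1:67          0.0.0.0:*
"""

LAN_ADDR = "192.168.1.1"  # assumed LAN-side address of the router
WAN_ADDR = "203.0.113.7"  # assumed WAN-side address (TEST-NET-3 documentation range)


@dataclass
class Listener:
    proto: str
    addr: str
    port: int

    def reachable_from(self, iface_addr: str) -> bool:
        """A socket bound to 0.0.0.0 answers on every interface;
        one bound to a specific address answers only there."""
        return self.addr in ("0.0.0.0", iface_addr)


# proto, recv-q, send-q, local addr:port ; the rest of the line is checked separately
LINE_RE = re.compile(r"^(tcp|udp)\s+\d+\s+\d+\s+([\d.]+):(\d+)\s+\S+")


def parse_listeners(text: str) -> list:
    """Extract listening sockets from netstat -ln style output."""
    out = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # header lines and anything we do not understand
        proto, addr, port = m.group(1), m.group(2), int(m.group(3))
        if proto == "tcp" and "LISTEN" not in line:
            continue  # not a server socket
        out.append(Listener(proto, addr, port))
    return out


def classify(listeners: list, lan_addr: str, wan_addr: str):
    """Split listeners by binding: those a WAN client could reach if nothing
    filtered them, and those that only answer on the LAN address."""
    wan_bound = [l for l in listeners if l.reachable_from(wan_addr)]
    lan_only = [l for l in listeners
                if l not in wan_bound and l.reachable_from(lan_addr)]
    return wan_bound, lan_only


def wan_exposure(listeners: list, wan_addr: str, wan_accept: set) -> list:
    """Listeners that really answer a WAN client: bound on the WAN address (or
    all interfaces) AND explicitly accepted by the WAN-facing INPUT rules.
    wan_accept is the set of (proto, port) pairs the firewall lets in; an
    empty set models the usual default-deny WAN INPUT chain."""
    return [l for l in listeners
            if l.reachable_from(wan_addr) and (l.proto, l.port) in wan_accept]


if __name__ == "__main__":
    ls = parse_listeners(SAMPLE_NETSTAT)
    wan_bound, lan_only = classify(ls, LAN_ADDR, WAN_ADDR)
    print("bound on all interfaces:", [(l.proto, l.port) for l in wan_bound])
    print("LAN-only:", [(l.proto, l.port) for l in lan_only])
    print("actually WAN-exposed (default deny):",
          wan_exposure(ls, WAN_ADDR, set()))
    print("WAN-exposed if 5555/tcp were opened:",
          [(l.proto, l.port) for l in wan_exposure(ls, WAN_ADDR, {("tcp", 5555)})])
```

    On the constructed sample, 5555/tcp, 23/tcp and 1900/udp are bound on all interfaces while 80/tcp and 67/udp are LAN-only; with a default-deny WAN chain none of them is exposed, and only an explicit accept rule for 5555/tcp would turn the LAN issue discussed here into the "remote" one the headline claims.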
  5. lefty

    lefty Networkin' Nut Member

    The exploit hopes that you are using subnet as your LAN, which most people, at least security-wise, don't use as their LAN.

    Also, i have to disagree with Monk E. Boy with this statement: "Many of them don't even run Linux, at least not unless you flash a third party firmware onto it."

    They are running a Linux kernel and a type of BusyBox already with stock firmware; that is even why you are able to flash a 3rd party firmware to the unit to begin with, because it is compatible to do so. It's just not as customizable nor feature-filled as 3rd party firmware. Very few of their units run VxWorks (mainly the 2MB flash units), and even fewer run U-Boot. And in general, any unit that uses a CFE is compiled with and uses a Linux kernel to some degree to drive it.
  6. digiblur

    digiblur Networkin' Nut Member

    If someone is on the inside of my network, the router is the least of my worries.

    -- "Sensorly or it didn't happen!"
    ryzhov_al likes this.
  7. Mangix

    Mangix Networkin' Nut Member

    This exploit sounds boring. There are multiple ways to get root access through the LAN (more so in Tomato). A real remote exploit would need to come from the WAN side.
  8. Toastman

    Toastman Super Moderator Staff Member

    Yawn ....
  9. RMerlin

    RMerlin Network Guru Member

    Security experts are so good at exaggerating everything just for the sake of publicity... Nothing remote in this exploit indeed. And as usual, if someone has LAN access, then your home router is the least of your worries.
    Python46 likes this.
  10. Monk E. Boy

    Monk E. Boy Network Guru Member

    And in general Cisco makes more than home routers.

    Depending on your interpretation of their clumsy wording, it could be read that they were claiming that Cisco equipment, not just the Linksys equipment they inherited, was affected by this UPnP buffer overrun (or whatever it is). Devices running CatOS, IOS, and IOS XR are definitely not running Linux.

    No matter what, calling this LAN exploit a remote buffer exploit is a bald-faced lie. The only question in my mind is whether a non-technical reporter relabeled it or whether they did it themselves. Either wouldn't surprise me.