exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Linksys Access Bypass

Linksys Access Bypass
Posted Aug 15, 2013
Authored by Kyle Lovett

On various Linksys devices, an unspecified bug can cause an unsafe/undocumented TCP port to open allowing for unauthenticated remote access to the device.

tags | advisory, remote, tcp, bypass
advisories | CVE-2013-5122
SHA-256 | 498c65c860fe5d919123b02b7dda83e1dd02868d0b1adb1db402354c60007bd1

Linksys Access Bypass

Change Mirror Download
-----------------------------------------------------------------------------
Vulnerabilities:
An unspecified bug can cause an unsafe/undocumented TCP port to open
allowing for:

- Unauthenticated remote access to all pages of the router
administration GUI, bypassing any credential prompts under certain
common configurations

- Direct access to several critical system files

CVE-ID 2013-5122
CWE-288: Authentication Bypass Using an Alternate Path or Channel
CVSS Base Score 10
CVSS Temporal Score 8.1
Exploitability Subscore: 10.0

Affected models and firmware:
Linksys SMART Wi-Fi Router N600 - EA2700 Firmware Version: 1.0.14
Linksys SMART Wi-Fi Router N750 Smooth Stream EA3500 Firmware Version: 1.0.30
Linksys Maximun Performance N Router E4200v2 Firmware Version: 2.0.36
Linksys Maximun Performance N Router E4200v2 Firmware Version: 2.0.37
Linksys SMART Wi-Fi N900 Media Stream EA4500 Firmware Version: 2.0.36
Linksys SMART Wi-Fi N900 Media Stream EA4500 Firmware Version: 2.0.37
-Web Server Lighttpd 1.4.28
-Running - Linux 2.6.22

-----------------------------------------------------------------------------

Vulnerability Conditions seen in all variations, though not limited too:
- Classic GUI has been enabled/installed
- Remote Management - Disabled
- UPnP - Enabled
- IPv4 SPI Firewall Protection - Disabled

Fixes and workarounds:

*** It is strongly advised to those that have the classic GUI firmware
installed to do a full WAN side scan for unusual ports that are open
that weren't specifically opened by the end user.

It is recommend to upgrade to firmware 2.1.39 on the E4200v2 and
EA4500, though it is uncertain if this resolves the problem in all
cases.
It is recommend to upgrade to firmware 1.1.39 on the EA2700 and
EA3500.though it is uncertain if this resolves the problem in all
cases.

Vendor: We have been working with Linksys/Belkin Engineers on this
problem, and they are still investigating the root cause. We hope to
have additional information on this bug soon.

-----------------------------------------------------------------------------

External Links Misc:
http://www.osvdb.org/show/osvdb/94768
http://www.securityfocus.com/archive/1/527027
http://securityvulns.com/news/Linksys/EA/1307.html
http://www.scip.ch/en/?vuldb.9326
http://www.mobzine.ro/ionut-balan/2013/07/vulnerabilitate-majora-in-linksys-ea2700-ea3500-e4200-ea4500/

Vendor product links:
http://support.linksys.com/en-us/support/routers/EA2700
http://support.linksys.com/en-us/support/routers/EA3500
http://support.linksys.com/en-us/support/routers/E4200
http://support.linksys.com/en-us/support/routers/EA4500

Discovered - 07-01-2013
Updated - 08-15-2013
Research Contact - K Lovett, M Claunch
Affiliation - SUSnet
Login or Register to add favorites

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    69 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close