A zero-day vulnerability that allows hackers to gain remote access has been discovered in the popular Cisco Linksys range of routers.
The vulnerability was discovered months back by DefenseCode, an information security consultancy and vulnerability research research company, who then reported it to Cisco.
At the time, Cisco said to DefenseCode: “This vulnerability was already fixed in latest firmware release”. But DefenseCode discovered that it still was not fixed in the latest official Linksys firmware – 4.30.14 – and all previous versions.
The remote preauth (root access) vulnerability which is exploitable in the default installation of Linksys routers has the potential of affecting more than 70 million of these routers worldwide as sold by Cisco.
In a statement, DefenseCode said: “This exploit was successfully tested against a Linksys model WRT54GL router, but other Linksys versions/models are probably also affected.”
In demonstrating how to exploit the vulnerability, the DefenseCode team took 12 days to develop exploit code that could be used to take control of a wireless router and hijack all the information being processed through it.
The vulnerability is demonstrated in the following video: