[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Linksys Routers still Vulnerable to Wps vulnerability.

"Fixing a vulnerability like this with all the bureoucratic, QA and legal 
process wouldn't take no more than 2 weeks"

If bureaucratic, QA, and legal issues emerge, you can't even get the names of 
the people you need to speak to in less than 2 weeks, let alone schedule a 
conference call. Fixing?  Heh.  

Aside from rate limiting WPS, there isn't much of a fix, and you can't turn it 
off either.

Sent from my iPhone

On Feb 10, 2012, at 2:40 AM, farthvader@xxxxxxx wrote:

> Don't buy Linksys Routers they are vulnerable to Wifi unProtected Setup Pin 
> registrar Brute force attack.
> No patch or workaround exist at the making of this post.
> 
> Vulnerable list and alleged patch availability:
> source:http://www6.nohold.net/Cisco2/ukp.aspx?vw=1&articleid=25154
> 
>  E1000      To Be Disclosed (aka we don't have idea)
>  E1000 v2      To Be Disclosed
>  E1000 v2.1      To Be Disclosed
>  E1200 v1     early March
>  E1200 v2     early March
>  E1500     early March
>  E1550     mid March
>  E2000     To Be Disclosed
>  E2100L     mid March
>  E2500     early March
>  E3000     To Be Disclosed 
>  E3200     early March
>  E4200 v1     early March
>  E4200 v2     To Be Disclosed
>  M10     To Be Disclosed
>  M20     To Be Disclosed
>  M20 v2     To Be Disclosed
>  RE1000     early March
>  WAG120N     To Be Disclosed
>  WAG160N     To Be Disclosed
>  WAG160N v2     To Be Disclosed
>  WAG310G     To Be Disclosed
>  WAG320N     To Be Disclosed
>  WAG54G2     To Be Disclosed
>  WAP610N     To Be Disclosed
>  WRT110     To Be Disclosed
>  WRT120N     To Be Disclosed
>  WRT160N v1     To Be Disclosed
>  WRT160N v2     To Be Disclosed
>  WRT160N v3     To Be Disclosed
>  WRT160NL     To Be Disclosed
>  WRT310N v1     To Be Disclosed
>  WRT310N v2     To Be Disclosed
>  WRT320N     To Be Disclosed
>  WRT400N     To Be Disclosed
>  WRT54G2 v1     To Be Disclosed
>  WRT54G2 v1.3     To Be Disclosed
>  WRT54G2 v1.5     To Be Disclosed
>  WRT54GS2 v1     To Be Disclosed
>  WRT610N v1     To Be Disclosed
>  WRT610N v2     To Be Disclosed
>  X2000     To Be Disclosed
>  X2000 v2     To Be Disclosed
>  X3000     To Be Disclosed
> 
> The question is why a big company like Cisco/Linksys didn't release a patch 
> since almost 1 month and a half ?.
> 
> Well i have circumstantial evidence that Cisco outsource some of their 
> Linksys firmware routers to other companies (Arcadyan for example.) in some 
> cases source code is only available through NDA's or not available at all. 
> That's why they are taking so long to release a fix to the WPS vulnerability. 
> Fixing a vulnerability like this with all the bureoucratic, QA and legal 
> process wouldn't take no more than 2 weeks. I found some GPL violations by 
> the way but this is beyond the scope of this message (obfuscating firmware 
> it's useless you now).
> 
> I apologize if i offended someone but IT security it's serious business 
> specially if someone use your wifi to commit crimes.
> This vulnerability contains public and very easy to use exploit code, it's 
> not a Denial of Service.
> 
> 
> Farth Vader.
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/