[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] Linksys Routers still Vulnerable to Wps vulnerability.
- To: full-disclosure@xxxxxxxxxxxxxxxxx
- Subject: Re: [Full-disclosure] Linksys Routers still Vulnerable to Wps vulnerability.
- From: Rob Fuller <jd.mubix@xxxxxxxxx>
- Date: Sun, 12 Feb 2012 10:11:24 -0500
I've tested a 6 models of Linksys, all of them appear to disable WPS
completely as soon as a single wireless setting is set. I assume this
would be the reason Cisco/Linksys aren't putting much stock in
'fixing' it further. If anyone has any experience to contradict this
or have a modification to current tools to circumvent what I've
perceived as disabled, I, as I'm sure Craig, would be very interested.
--
Rob Fuller | Mubix
Certified Checkbox Unchecker
Room362.com | Hak5.org
On Sat, Feb 11, 2012 at 4:23 PM, <farthvader@xxxxxxx> wrote:
> _________________________________________________________________________
> "Use Tomato-USB OS on them."
> _________________________________________________________________________
>
> Besides you void warranty...
> list of DD-WRT Supported routers:
>
> E1000 supported
> E1000 v2 supported
> E1000 v2.1 supported
> E1200 v1 ???
> E1200 v2 ???
> E1500 ???
> E1550 ???
> E2000 supported
> E2100L supported
> E2500 not supported
> E3000 supported
> E3200 supported
> E4200 v1 not supported yet
> E4200 v2 not supported
> M10 ????
> M20 ????
> M20 v2 ????
> RE1000 ????
> WAG120N not supported
> WAG160N not supported
> WAG160N v2 not supported
> WAG310G not supported
> WAG320N not supported
> WAG54G2 not supported
> WAP610N not supported
> WRT110 not supported
> WRT120N not supported
> WRT160N v1 supported
> WRT160N v2 not supported
> WRT160N v3 supported
> WRT160NL supported
> WRT310N v1 supported
> WRT310N v2 not supported yet
> WRT320N supported
> WRT400N supported
> WRT54G2 v1 supported
> WRT54G2 v1.3 supported
> WRT54G2 v1.5 not supported
> WRT54GS2 v1 supported
> WRT610N v1 supported
> WRT610N v2 supported
> X2000 not supported
> X2000 v2 not supported
> X3000 not supported.
>
> _________________________________________________________________________
>
> "Fixing? Heh.
>
> Aside from rate limiting WPS, there isn't much of a fix, and you can't turn
> it off either."
> _________________________________________________________________________
>
> What about removing WuPS entirely?
>
> WuPS is a total failure because:
>
> 1. Even if everything is fine 8 digits long is very weak because once you got
> the pin after 7 month - 2 years for example, you are completely pwned.
>
> 2. Pin number is fixed you can't change it to a longer number or maybe a
> string like "omgponnies"
>
> 3. Setting up a WPA2 password manually it's a piece of cake (even with keypad
> only cell phones), if some people are lazy, you don't have to weakening the
> security of a strong protocol.
>
> Farth Vader
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/