BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to the Zeroday Tracker: Your Vulnerability Watchlist

Get critical updates on the latest zeroday threats, including impact, mitigation and protection information - only from BeyondTrust.

Linksys Routers Command Injection

Disclosed: February 12, 2014

Zeroday: 255 days

Vulnerability Description:

Linksys routers are susceptible to an unauthenticated remote code execution vulnerability, which is being leveraged in the wild by a worm. Compromised routers may allow remote attackers to siphon confidential information from networks, or create a botnet using routers under attacker control.

Vendors:

Belkin (Linksys)

Vulnerable Software/Devices:

*Unconfirmed list of vulnerable routers*
E4200
E3200
E3000
E2500
E2100L
E2000
E1550
E1500
E1200
E1000
E900
E300
WAG320N
WAP300N
WAP610N
WES610N
WET610N
WRT610N
WRT600N
WRT400N
WRT320N
WRT160N
WRT150N

Vulnerability Severity:

High

Exploit Availability:

No Exploit Available

Exploit Impact:

Remote Code Execution

An attacker can exploit this vulnerability by sending data to port 8080. After determining the type of router it is interfacing with, the attacker exploits a vulnerable CGI running on the router. Remote attackers who successfully exploit this vulnerability can execute code on the vulnerable system.
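A defender's triage of the vector described above, as an added example that is not BeyondTrust's code: it flags routers from the advisory's unconfirmed model list that received WAN-side traffic on port 8080, grouped by source address. The inventory, the log lines, the iptables-like log layout, the `wan0` interface name and the restriction to TCP are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Model list copied from the advisory's unconfirmed list of vulnerable routers.
LISTED_MODELS = {
    "E4200", "E3200", "E3000", "E2500", "E2100L", "E2000", "E1550", "E1500",
    "E1200", "E1000", "E900", "E300", "WAG320N", "WAP300N", "WAP610N",
    "WES610N", "WET610N", "WRT610N", "WRT600N", "WRT400N", "WRT320N",
    "WRT160N", "WRT150N",
}

# Constructed inventory: router WAN address -> model (documentation IP ranges).
INVENTORY = {
    "203.0.113.10": "E2500",
    "203.0.113.11": "WRT54G",   # not on the advisory's list
    "203.0.113.12": "wrt610n",  # lower case on purpose; matching ignores case
}

# Constructed firewall log lines in an assumed iptables-like key=value layout.
SAMPLE_LOG = """\
Feb 13 02:11:04 fw kernel: IN=wan0 SRC=198.51.100.7 DST=203.0.113.10 PROTO=TCP SPT=40112 DPT=8080
Feb 13 02:11:09 fw kernel: IN=wan0 SRC=198.51.100.7 DST=203.0.113.10 PROTO=TCP SPT=40113 DPT=8080
Feb 13 02:12:30 fw kernel: IN=wan0 SRC=198.51.100.9 DST=203.0.113.11 PROTO=TCP SPT=51000 DPT=8080
Feb 13 02:13:02 fw kernel: IN=wan0 SRC=192.0.2.44 DST=203.0.113.12 PROTO=TCP SPT=33100 DPT=8080
Feb 13 02:13:40 fw kernel: IN=wan0 SRC=192.0.2.44 DST=203.0.113.12 PROTO=TCP SPT=33101 DPT=443
Feb 13 02:14:00 fw kernel: IN=lan0 SRC=10.0.0.5 DST=203.0.113.10 PROTO=TCP SPT=50000 DPT=8080
Feb 13 02:14:10 fw kernel: IN=wan0 SRC=192.0.2.44 DST=203.0.113.10 PROTO=UDP SPT=33102 DPT=8080
"""

FIELD = re.compile(r"(\w+)=(\S+)")

def triage(log_text, inventory, wan_iface="wan0", port="8080"):
    """Return {router_ip: {"model": ..., "sources": {src: count}}} for listed
    models that received WAN-side TCP traffic on the given port."""
    hits = {}
    for line in log_text.splitlines():
        f = dict(FIELD.findall(line))
        # TCP is an assumption: the advisory names only the port and a CGI.
        if f.get("IN") != wan_iface or f.get("PROTO") != "TCP" or f.get("DPT") != port:
            continue
        model = inventory.get(f.get("DST"), "").upper()
        if model not in LISTED_MODELS:
            continue
        entry = hits.setdefault(f["DST"], {"model": model, "sources": defaultdict(int)})
        entry["sources"][f["SRC"]] += 1
    return hits

if __name__ == "__main__":
    for ip, info in triage(SAMPLE_LOG, INVENTORY).items():
        print(ip, info["model"], dict(info["sources"]))
```
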

BeyondTrust Prevention and Detection:

BeyondTrust's Retina® Network Security Scanner scans devices to detect this vulnerability.

  • 32818 - Linksys Routers Command Injection (Zero-Day)

Mitigation:

No mitigations are currently available.

Links:

CVE(s):

None