[ALUG] Security holes in routers.

Andreas Tauscher ta at geuka.net
Wed Aug 13 20:47:00 EAT 2014



The results from the hacking competition at DefCon22:

The routers Linksys EA6500, ASUS RT-AC66U, TRENDnet TEW-812DRU,
Netgear Centria WNDR4700, Netgear WNR3500U/WNR3500L, TP-Link
TL-WR1043ND, D-Link DIR-865L, Belkin N900 DB and the Open Wireless
Router with EFF firmware are abusable.
Altogether 15 issues have been found in these routers.

An attacker can get the ASUS RT-AC66U, Netgear Centria WNDR4700 (two
issues), Belkin N900 and TRENDnet TEW-812DRU fully under their control.

The interesting thing is: only four issues were new. The other 11 had
already been found last year during DefCon21. The manufacturers never
upgraded the already produced and programmed flash ROMs. All routers
for this competition were brand new.

If you own one of these routers, even if it is brand new, do a firmware
upgrade.

My dear manufacturers: This is a mess! At least a sticker on the box
informing the buyer to do a firmware upgrade immediately would be the
minimum. But instead you are selling things known to be broken and abusable.
We have your money and you the problems.

Andi


