[ALUG] Cisco RV110W - RV215W - CVR100W - Bypass Login Page

Howard Frederick simbamangu at gmail.com
Fri Mar 7 14:07:30 EAT 2014


How on earth does that kind of mistake still happen?

I also notice that 50% of public Wi-Fi routers have the default password
unchanged, though. Or are set to the network name...
On 7 Mar 2014 12:34, "Andreas Tauscher" <ta at geuka.net> wrote:

> If you own this upgrade the firmware ASAP.
>
> Usernames and passwords are found within the HTML source code of the
> login screen.
>
> CVE:
> http://www.securityfocus.com/archive/1/531356
>
> Cisco Anouncemnet:
>
> http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140305-rpd
>
> Demonstarion of the exploit:
> https://docs.google.com/file/d/0BzDR2c9r47AiMVlQWkVNVjE0REU/edit?pli=1
>
> Andreas
> _______________________________________________
> The Arusha Linux User Group: http://unix.or.tz
> Linux mailing list
> Linux at lists.habari.co.tz
> http://lists.habari.co.tz/cgi-bin/mailman/listinfo/linux
>
> The Arusha LUG mailing list is generously hosted by Habari Node Ltd:
> http://www.habari.co.tz/
>
> The above comments and data are owned by whoever posted them (including
> attachments if any). The mailing list host is not responsible for them in
> any way.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.habari.co.tz/pipermail/linux/attachments/20140307/b668ae91/attachment.html>


More information about the Linux mailing list