Security company DefenseCode Ltd has disclosed a video showing a proof of concept exploit that allows root access to millions of Cisco Linksys routers in their default installation.
The company says they have contacted Cisco about a remote preauth (root access) vulnerability in default installation of their Linksys routers, including detailed vulnerability description along with the PoC (proof of concept) exploit for the vulnerability.
The exploit shown in this video has been tested on Cisco Linksys WRT54GL, but DefenseCode says other Linksys models could also be affected.
Cisco Linksys is a popular router. Still according to the company Cisco claims this vulnerability was already fixed in latest firmware release but further tests show that the latest official Cisco Linksys firmware 4.30.14, and all previous versions are still vulnerable.
DefenseCode will follow with vulnerability details disclosure in two weeks through BugTraq and Full Disclosure mailing list.