Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


freitasm

BDFL - Memuneh
68869 posts

Uber Geek

Administrator
Trusted
Geekzone
Lifetime subscriber

#154591 1-Nov-2014 14:10
Send private message

Some are really bad stuff:

Linksys SMART WiFi vulnerabilities


 

Overview

 

Linksys EA series routers running the Linksys SMART WiFi firmware contain multiple vulnerabilities.

Description

 

 

 

 

 

 

 

 

CWE-320: Key Management Errors - CVE-2014-8243

 

An unauthenticated attacker on the local area network (LAN) can read the router's .htpassword file by requestinghttp(s)://<router_ip>/.htpasswd. The .htpasswd file contains the MD5 hash of the administrator password.

CWE-200: Information Exposure - CVE-2014-8244

A remote, unauthenticated user can issue various JNAP calls by sending specially-crafted HTTP POST requests tohttp(s)://<router_ip>/JNAP/. Depending on the JNAP action that is called, the attacker may be able to read or modify sensitive information on the router.

It should also be noted that the router exposes multiple ports to the WAN by default. Port 100080 and 52000 both expose the administrative web interface to WAN users. Depending on the model, additional ports may be exposed by default as well.

 

 

 

Impact

 

 

 

 

 

 

 

 

A remote, unauthenticated attacker may be able to read or modify sensitive information on the router.

 

 

 

Solution

 

 

 

 

 

 

 

 

Apply an Update:

If possible, users are encouraged to update their firmware to the latest version to remediate these vulnerabilities. Linksys has provided the following fix versions:

 

 





 

 

These links are referral codes

 

Geekzone broadband switch | Eletcricity comparison and switch | Hatch investment (NZ$ 10 bonus if NZ$100 deposited within 30 days) | Sharesies | Mighty Ape | Backblaze | Coinbase | TheMarket | My technology disclosure


Create new topic
timmmay
16529 posts

Uber Geek

Trusted
Subscriber

  #1166467 1-Nov-2014 14:18
Send private message

Port 100080? Wow, they have more ports than anyone else!

Aredwood
3885 posts

Uber Geek


  #1166620 1-Nov-2014 18:39

timmmay: Port 100080? Wow, they have more ports than anyone else!


They probally use it as a marketing feature. "You want the most ports? buy this router"

/joke





 
 
 
 


chevrolux
4612 posts

Uber Geek

Trusted

  #1166654 1-Nov-2014 20:18
Send private message

Yet another reason to not buy one of these terrible pieces of equipment.

They are seriously the biggest pieces of junk I have ever made the mistake of attempting to configure. Surprised Linksys still exists as a brand.

Create new topic





News »

Huawei launches IdeaHub Pro in New Zealand
Posted 27-Oct-2020 16:41


Southland-based IT specialist providing virtual services worldwide
Posted 27-Oct-2020 15:55


NASA discovers water on sunlit surface of Moon
Posted 27-Oct-2020 08:30


Huawei introduces new features to Petal Search, Maps and Docs
Posted 26-Oct-2020 18:05


Nokia selected by NASA to build first ever cellular network on the Moon
Posted 21-Oct-2020 08:34


Nanoleaf enhances lighting line with launch of Triangles and Mini Triangles
Posted 17-Oct-2020 20:18


Synology unveils DS16211+
Posted 17-Oct-2020 20:12


Ingram Micro introduces FootfallCam to New Zealand channel
Posted 17-Oct-2020 20:06


Dropbox adopts Virtual First working policy
Posted 17-Oct-2020 19:47


OPPO announces Reno4 Series 5G line-up in NZ
Posted 16-Oct-2020 08:52


Microsoft Highway to a Hundred expands to Asia Pacific
Posted 14-Oct-2020 09:34


Spark turns on 5G in Auckland
Posted 14-Oct-2020 09:29


AMD Launches AMD Ryzen 5000 Series Desktop Processors
Posted 9-Oct-2020 10:13


Teletrac Navman launches integrated multi-camera solution for transport and logistics industry
Posted 8-Oct-2020 10:57


Farmside hits 10,000 RBI customers
Posted 7-Oct-2020 15:32









Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Support Geekzone »

Our community of supporters help make Geekzone possible. Click the button below to join them.

Support Geezone on PressPatron



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.