Anatomy of an exploit – Linksys router remote password change hole

An interesting posting from Naked Security:

A security researcher from San Jose in California has published a how-to guide detailing a number of vulnerabilities in various Linksys routers.

Phil Purviance, who goes by the handle of SUPER.EVR (EVR stands for Exploitation Vulnerability Research), reported the holes privately on 05 March 2013:


And Purviance certainly lived up to his threat, publicly releasing the gory details on 05 April 2013 on his blog.

I don’t want to get sidetracked into a discussion about the disclosure process here – whether 30 days was long enough, whether it was fair to expect a reply after emailing Cisco, which no longer owns the Linksys brand, or whether explicitly documenting the holes was wise.

You’ll have to make your own mind up on those issues, because I’m going to zoom in on one of the holes to see what we can learn from it.


To read more click here:
