多款Cisco Linksys产品安全绕过漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1167081 漏洞类型 授权问题
发布时间 2013-07-02 更新时间 2013-08-19
CVE编号 CVE-2013-5122 CNNVD-ID CNNVD-201307-283
漏洞平台 N/A CVSS评分 N/A
|漏洞来源
https://www.securityfocus.com/bid/60897
https://cxsecurity.com/issue/WLB-2013080146
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-201307-283
|漏洞详情
Cisco Linksys EA2700、EA3500、E4200和EA4500都是美国思科(Cisco)公司的无线路由器产品。 多款Cisco Linksys产品中存在安全漏洞。攻击者可利用该漏洞绕过特定的安全限制,获得对受影响设备的未授权访问权限。以下版本受到影响:Cisco Linksys EA2700运行的固件1.0.14版本,Cisco Linksys EA3500运行的固件1.0.30版本,Cisco Linksys E4200运行的固件2.0.36版本,Cisco Linksys EA4500运行的固件2.0.36版本。
|漏洞EXP
-----------------------------------------------------------------------------
Vulnerabilities:
An unspecified bug can cause an unsafe/undocumented TCP port to open
allowing for:

- Unauthenticated remote access to all pages of the router
administration GUI, bypassing any credential prompts under certain
common configurations

- Direct access to several critical system files

CVE-ID 2013-5122
CWE-288: Authentication Bypass Using an Alternate Path or Channel
CVSS Base Score 10
CVSS Temporal Score 8.1
Exploitability Subscore: 10.0

Affected models and firmware:
Linksys SMART Wi-Fi Router N600 - EA2700 Firmware Version: 1.0.14
Linksys SMART Wi-Fi Router N750 Smooth Stream EA3500 Firmware Version: 1.0.30
Linksys Maximun Performance N Router E4200v2 Firmware Version: 2.0.36
Linksys Maximun Performance N Router E4200v2 Firmware Version: 2.0.37
Linksys SMART Wi-Fi N900 Media Stream EA4500 Firmware Version: 2.0.36
Linksys SMART Wi-Fi N900 Media Stream EA4500 Firmware Version: 2.0.37
-Web Server Lighttpd 1.4.28
-Running - Linux 2.6.22

-----------------------------------------------------------------------------

Vulnerability Conditions seen in all variations, though not limited too:
- Classic GUI has been enabled/installed
- Remote Management - Disabled
- UPnP - Enabled
- IPv4 SPI Firewall Protection - Disabled

Fixes and workarounds:

*** It is strongly advised to those that have the classic GUI firmware
installed to do a full WAN side scan for unusual ports that are open
that weren't specifically opened by the end user.

It is recommend to upgrade to firmware 2.1.39 on the E4200v2 and
EA4500, though it is uncertain if this resolves the problem in all
cases.
It is recommend to upgrade to firmware 1.1.39 on the EA2700 and
EA3500.though it is uncertain if this resolves the problem in all
cases.

Vendor: We have been working with Linksys/Belkin Engineers on this
problem, and they are still investigating the root cause. We hope to
have additional information on this bug soon.

-----------------------------------------------------------------------------

External Links Misc:
http://www.osvdb.org/show/osvdb/94768
http://www.securityfocus.com/archive/1/527027
http://securityvulns.com/news/Linksys/EA/1307.html
http://www.scip.ch/en/?vuldb.9326
http://www.mobzine.ro/ionut-balan/2013/07/vulnerabilitate-majora-in-linksys-ea2700-ea3500-e4200-ea4500/

Vendor product links:
http://support.linksys.com/en-us/support/routers/EA2700
http://support.linksys.com/en-us/support/routers/EA3500
http://support.linksys.com/en-us/support/routers/E4200
http://support.linksys.com/en-us/support/routers/EA4500

Discovered - 07-01-2013
Updated - 08-15-2013
Research Contact - K Lovett, M Claunch
Affiliation - SUSnet
|参考资料

来源:BID
名称:60897
链接:http://www.securityfocus.com/bid/60897