November 2, 2002, I sent an email to support@linksys.net detailing what I thought was vulnerability on the LAN side of the Linksys router family (befsr11). Two days later, a report came from IDG detailing the exact same vulnerability for the Linksys befsr41 router. The major difference in their report and my own is that they say the vulnerability can be fixed by upgrading the router's firmware. This report absolutely incorrect because I have tested both the current firmware available on the Linksys website and the previous version released last march, and both of are vulnerable.
See the original report I submitted. I discovered the vulnerability using Nessus, a freely available security auditing tool, for unix.
Comments (0)
Topsight.net
http://www.topsight.net/article.php/20021105131108843