AAPL Stock: 117.81 ( -0.22 )

Printed from

Escalating privileges Linksys, Netgear router bug not fully patched

updated 02:12 pm EDT, Tue April 22, 2014

Flaw slightly obscured by firmware patch, researcher calls exploit intentional

A security flaw in some Linksys and Netgear routers discovered this winter, thought to be patched, has only been marginally hidden. Instead of the router listening and obeying command packets on port 32764, now the command must be prefixed by a specially-crafted packet, which reactivates the flaw, and allows for remote command and seizure of afflicted routers.

TCP port 32764 is the target of the hack, which still remains free of documentation from either Linksys or Netgear. After some testing, researcher Eloi Vanderbeken gained access to a command line interface for the router, which allowed a script to be written granting him administrative access.

The special packet to reactivate the flaw was used by "an old Sercomm update tool," so the "security by obscurity" method chosen to patch the flaw out isn't particularly obscure. Simply, the packet contains an MD5 hash of the model number of the router being attacked.

The packet must either be sent from inside the network, or from the ISP itself. However, a "broadcast" from an ISP could mass-enable many routers at once to reactivate the flaw. Given the poor patching of the flaw, Vanderbeken believes the original flaw to be intentional given the haphazard nature of the "fix," and not an accident at all.

by MacNN Staff




Login Here

Not a member of the MacNN forums? Register now for free.


Network Headlines

Follow us on Facebook


Most Popular


Recent Reviews

Ultimate Ears Megaboom Bluetooth Speaker

Ultimate Ears (now owned by Logitech) has found great success in the marketplace with its "Boom" series of Bluetooth speakers, a mod ...

Kinivo URBN Premium Bluetooth Headphones

We love music, and we're willing to bet that you do, too. If you're like us, you probably spend a good portion of your time wearing ...

Jamstik+ MIDI Controller

For a long time the MIDI world has been dominated by keyboard-inspired controllers. Times are changing however, and we are slowly star ...


Most Commented