Shortly after Cisco representatives confirmed the existence of the root access vulnerability in Linksys WRT54GL routers, experts from DefenseCode – the ones who identified the security hole – have come forward saying that they’re currently investigating to see if other devices are impacted as well.“Starting a few hours ago, we began a quick analysis as to how many Linksys models might be vulnerable. From what we can tell so far, at least one other (not just the WRT54GL) Linksys model is probably vulnerable,” Leon Juranic, CEO of DefenseCode wrote.
Juranic explained that they believed network devices from other manufacturers might also be affected by the vulnerability. However, they’re still investigating this theory.
Furthermore, he claims that they’ve identified other vulnerabilities in Linksys routers, which they’ve reported to Cisco.
In the statement released on Thursday, Cisco said that only Linksys WRT54GL routers were affected. Moreover, they say that the vulnerability can be exploited only by an attacker who is connected to the internal network.
As Sophos’s Paul Ducklin highlights, “to run the exploit without physical access, an attacker needs to authenticate to your WiFi network first. This means that by avoiding WEP and picking a decent password, you should be able to keep unknown assailants out.”
Ducklin also explains that the L from WRT54GL stands for Linux. This old model has been reintroduced by Linksys because it has more RAM and it allows tech savvy customers to run their own operating system builds on it.
“In other words, most -GLs are bought specifically to be reflashed with other firmware distros such as OpenWRT, ddWrt or Tomato. So they probably aren't running Cisco's vulnerable firmware anyway,” Ducklin added.