Experts Identify Zero-Day Vulnerability in Cisco’s Linksys Routers

70 million devices are affected by the root access bug

By on January 15th, 2013 09:11 GMT

Security experts from DefenseCode have identified a zero-day root access vulnerability in Cisco’s Linksys routers.

The flaw, which affects default installations, has been uncovered during a product security evaluation. The exploit was developed in 12 days, Help Net Security informs.

After identifying the security hole, DefenseCode immediately reported it to Cisco, but the company claimed that the vulnerability had already been fixed in the latest firmware variant.

However, experts have determined that, in reality, the latest firmware and all previous versions are affected.

Shortly after DefenseCode revealed its intentions of publishing the complete proof-of-concept, Cisco contacted them. The networking giant plans on issuing a fix over the next 10 days.

The security firm’s representatives highlight the fact that this vulnerability should not be treated lightly, considering that Linksys routers are very popular, with over 70 million devices being sold.