Some Linksys and Netgear Routers Vulnerable to New Exploit
Posted 08/03/09 at 09:43:49 AM by Paul Lilly
Two security researchers warned on Saturday that if you use cPanel to administer your website, or use certain Linksys or Netgear routers, you're leaving yourself open to web-based attacks that could potentially take control of your systems.
The attacks are based on CSRF, or cross-site request forgery, which can be exploited simply by surfing to the 'wrong' website, say Russ McRee of HolisticInfoSec.org and Mike Bailey of Skeptikal.org.
"CSRF is bad stuff," Bailey said at the Defcon hacker conference in Las Vegas. "It's a very under-appreciated vulnerability, and it's all over the place. Because it usually gets rated as a pretty minimal issue, it almost never gets fixed, and that means we have these kinds of holes all over."
When a victim visits a malicious website while logged in to the program, the attack is able to trick cPanel into carrying out sensitive commands by duping it into thinking they came from the victim. And it doesn't look like this will be fixed anytime soon.
"The response I got from cPanel was we can't fix this because it's a feature," Bailey said. "Apparently, they're worried it's going to break integration with third party billing software, so they can't fix this."
Much more info here.

Image Credit: Linksys
just GREAT!
Submitted by nekollx on Mon, 08/03/2009 - 10:36am
So there's a vulnerability in Linksys that can let a hacker take secret control of the system, but they won't even think about fixing it cause it could mess up 3rd party billing?
Does this only apply to managing the router via cPanel, or using any cPanel (which is pretty much de facto for website admin)?
------------------------------
Coming soon to Lulu.com --Tokusatsu Heroes--
Five teenagers, one alien ghost, a robot, and the fate of the world.