Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Linksys E1200 and E2500 (Missing authorization on parental control)

From: samhuntley84 () gmail com
Date: Sun, 14 Aug 2016 21:40:44 GMT


Linksys E1200 hardware version 2.2 and firmware version 2.0.07 (build 2) suffer from missing authorization control on 
parental control page. This allows an attacker to change the parental controls set up by parents  to keep kids safe 
from visiting adult sites and probably compromise a kidÂ’s device.

Info at 
http://www.samuelhuntley.com/?p=132
http://www.samuelhuntley.com/?p=143

Initial disclosure date: 04/12/16
Fixed date as per Linksys contact: 7/4/16
Linksys contact: Benjamin Samuels,  Calvin Clark (security () linksys com)
Previous By Date Next
Previous By Thread Next

Current thread: