Full Disclosure mailing list archives
Re: Remote Command Execution within the ASUS RT-AC68U Managing Web Interface
From: coderman <coderman () gmail com>
Date: Sun, 6 Apr 2014 03:11:08 -0700
On Fri, Apr 4, 2014 at 2:25 PM, Craig Young <vuln-report () secur3 us> wrote:
SOHO router security is quite bad. This is far from an isolated ping injection as most home routers don't bother to sanitize input going to ping functionality.
in case that wasn't clear, multiple international SOHO router hardware shops are releasing products where any arbitrary web CGI element can lead to elevated arbitrary execution on device... just a few escapes away. not a great security posture to start 2014! best regards, _______________________________________________ Sent through the Full Disclosure mailing list http://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Current thread:
- Remote Command Execution within the ASUS RT-AC68U Managing Web Interface Palula Brasil (Apr 04)
- Re: Remote Command Execution within the ASUS RT-AC68U Managing Web Interface Craig Young (Apr 04)
- Re: Remote Command Execution within the ASUS RT-AC68U Managing Web Interface coderman (Apr 06)
- Re: Remote Command Execution within the ASUS RT-AC68U Managing Web Interface Craig Young (Apr 04)