Thursday, April 16, 2009

Cisco's Linksys router is vulnerable to XSS attacks

Linksys wireless router is open to attacks

Russ McRee of reports that Cisco's Linksys WRT160N wireless router is vulnerable to cross-site request forgery attacks. If you visit a site that contains an exploit targeted at the WRT160N while signed into the device's management app, the exploit can modify your router settings. (An article by the Open Web Application Security Project describes the mechanics of cross-site request forgery attacks.)

The exploit works like this: you sign into your router's management app and visit a malicious site before you sign out. The site contains some sort of JavaScript or link that, when triggered, takes action against your router — which works because you're still signed in and your router is managed via the browser.

According to McRee, the problem definitely exists in hardware version 1 and firmware version 1.02.2. Although Cisco has released newer versions of the router, the company hasn't said whether the same exploit affects the newer devices. Meanwhile, we have to assume that it does.

Your defense against the vulnerability is to make certain that you don't visit any Web sites while managing your WRT160N. You need to log out of your router once you finish your management tasks — which you should do, even when there aren't any known exploits targeting a particular router.

Be sure to check Cisco's WRT160N software download page and watch for a newer version of the router's firmware.

No comments: