Well, the hack is pretty simple and it's open for anyone to try it.
Quote:
When you are logged in to the web administration, simple injection leads to OS root access.
Cisco root OS escape
Many characters lead to injection, including at least:
* ;
* &
* |
* `` (backquotes)
* %a0
As you might have noticed, the above request is used with default administration credentials (admin/admin). It can be exploited using CSRF and these credentials (assuming a user did not change default user/password). But it is not as straightforward as in our other research: ASMAX router compromise.
One can still backdoor the router having access to web administration. Another outcome of the bug is an ability to quite easily examine what services are running on the router, what is its internal configuration, etc. It may be a hint to find some more interesting vulnerabilities.
Also, if one could find an auth bypass vulnerability in the HTTP server / management software, it can lead to easy full remote router compromise, as described in the ASMAX case.
Read the full article:
http://www.securitum.pl/dh/Linksys_W...ape_to_OS_root
An example:
http://www.securitum.pl/dh/asmax-ar-804-gu-compromise
Good Luck.
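
For anyone reviewing web-administration traffic on such a device, the character list in the quote can be turned into a simple check. This is an added example, not code from the original post or the quoted article; the field names and request bodies are constructed, and the form-encoded body format is an assumption.

```python
from urllib.parse import unquote_to_bytes

# Bytes named in the quoted list: ; & | backquote and the byte sent as %a0.
SUSPICIOUS = {0x3B: ";", 0x26: "&", 0x7C: "|", 0x60: "`", 0xA0: "%a0"}


def flag_fields(body: str) -> dict:
    """Return {field_name: [markers]} for fields whose decoded value
    contains one of the listed bytes."""
    hits = {}
    # Split on the raw '&' separators first, so the '&' between fields
    # is not mistaken for an '&' inside a value (that one arrives as %26).
    for pair in body.split("&"):
        if not pair:
            continue
        name, _, raw = pair.partition("=")
        # Decode to bytes, not str: %a0 is not valid UTF-8 and a text
        # decode would silently turn it into U+FFFD.
        value = unquote_to_bytes(raw.replace("+", " "))
        found = sorted({SUSPICIOUS[b] for b in value if b in SUSPICIOUS})
        if found:
            hits[unquote_to_bytes(name).decode("latin-1")] = found
    return hits


# Constructed sample bodies; field_a / field_b are hypothetical names.
SAMPLES = [
    "field_a=192.0.2.10&field_b=5",
    "field_a=192.0.2.10%3Bexample&field_b=5",
    "field_a=192.0.2.10%a0example&field_b=5",
    "field_a=a%7Cb%26c%60d%60&field_b=5",
]

if __name__ == "__main__":
    for body in SAMPLES:
        print(body, "->", flag_fields(body) or "clean")
```

A match is only a signal for review; the actual fix belongs in the firmware, which should validate the field against a strict allowlist and never pass it through a shell.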