Over the Christmas holiday, programmer Eloi Venderbeken
discovered a vulnerability in many Linksys, Netgear, and Belkin DSL modem/router combination devices, allowing an attacker who is on the network to escalate privileges or reboot an otherwise-secure router. The exploit seems to be limited to devices with SerComm chipsets
, and has been confirmed to work on a wide array of both new and old models.
TCP port 32764 is the target of the hack
, which still remains free of documentation from either Linksys or Netgear. After some testing, Vanderbecken gained access to a command line interface for the router, which allowed a script to be written granting him administrative access.
The attack cannot be used outside a local area network's boundaries, and any attacker must be logged into the network to start, limiting the severity of the hack. Should the exploit become widely used, at most risk are businesses offering free Wi-Fi access or other establishments using off-the-shelf hardware for Internet access to a variety of anonymous patrons, like schools or libraries.