The researchers say they told Cisco about the vulnerability, but were informed it was already fixed. It wasn't.
DefenseCode researchers recently uncovered a zero day vulnerability in Linksys routers. "Cisco Linksys is a very popular router with more than 70,000,000 routers sold," the researchers wrote. "That's why we think that this vulnerability deserves attention."
"DefenseCode said the flaw is in the default installation of Linksys routers, which are primarily used in home networks," writes CSO Online's Antone Gonsalves. "The company posted a YouTube video showing a proof-of-concept exploit being used to gain root access to a Linksys model WRT54GL router."
"They contacted Cisco and shared a detailed vulnerability description along with the PoC exploit for the vulnerability," writes Help Net Security's Mirko Zorz. "Cisco claimed that the vulnerability was already fixed in the latest firmware release, which turned out [to] be incorrect."
"The vulnerability affects all versions of Linksys firmware up to and including the current version, 4.30.14," notes The Register's Richard Chirgwin. "DefenseCode intends to release a full description of the vulnerability within two weeks."
"A patch is due out this week, days ahead of DefenseCode's scheduled release of the full vulnerability details," notes SC Magazine's Darren Pauli.