[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] Remote Command Execution on Cisco WAG120N
- To: Gary Driggs <gdriggs@xxxxxxx>
- Subject: Re: [Full-disclosure] Remote Command Execution on Cisco WAG120N
- From: Julius Kivimäki <julius.kivimaki@xxxxxxxxx>
- Date: Mon, 26 Nov 2012 11:47:37 +0200
Is a privilege escalation vulnerability in Linux not a vulnerability if it
requires authentication?
2012/11/22 Gary Driggs <gdriggs@xxxxxxx>
> On Nov 22, 2012, Manu <sourvivor at gmail> wrote:
>
> > Authenticate and browse to
>
> How is this a vulnerability if it's behind an authentication wall?
> I've seen several SOHO routers and APs that include some kind of
> "hidden" web page that allows one to tweak settings. How does this
> differ & how is it remotely exploitable without authentication? I'm
> sure if you contacted the vendor they would acknowledge the existence
> of the page as either a debug or dev tool and ask the same questions I
> have.
>
> -Gary
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/