Multiple Linksys Devices DHCP Information Disclosure and Denial of Service Vulnerability

It has been reported that the built-in DHCP server on these devices are prone to an information disclosure vulnerability. When attempting to exploit this issue, it has been reported that a denial of service condition may occur, stopping legitimate users from using the device.

The DHCP server application on the device reportedly does not handle BOOTP packets properly, and can disclose the contents of the devices memory to an attacker. It may be possible for an attacker to use this vulnerability to watch traffic on an affected device. It may also be possible for an attacker to crash the device and deny service to legitimate users.


Privacy Statement
Copyright 2010, SecurityFocus