SOHOpelessly Broken, the contest that tested router security and was run as part of the DEFCON hacker conference has announced the winner. The winner: Craig Young of security firm TripWire uncovered 11 of the 15 vulnerabilities that were found as a part of the contest. The real winners: hopefully all of us as the contest […]
Category: Actiontec
Actiontec CSRF
Interesting vulnerability found in the Actiontec MI424WR-GEN3I router by Jacob Holcomb of Independent Security Evaluators. The vulnerability is a CSRF that easily allows you to add administrator users and enable remote administration simply by crafting some HTML and pointing a browser in the router’s network to it. Details for how to do this can be found […]