Authentication bypass in embedded devices

There is a very interesting post by Adrian Pastor about authentication bypass.

He talks about the well known vulnerability in the Linksys WRT54G router where the page that contains the different settings is password protected but the page that does the actual processing of the data (for the Linksys, a CGI script) was not protected at all.

Leave a Reply

Your email address will not be published. Required fields are marked *