Stories
Slash Boxes
Comments

SoylentNews is people

posted by Fnord666 on Tuesday April 25 2017, @10:24PM   Printer-friendly
from the no-consequences- dept.

Submitted via IRC for TheMightyBuzzard

More than three months after being informed about remotely exploitable vulnerabilities in 25 router models, Linksys is[sic] yet to issue patches to remedy them.

Researchers at IOActive Labs wrote that they had informed Linksys of 10 flaws on 17 January, six of which could be remotely exploited by unauthenticated people.

But as of last week, all that Linksys had done was to notify users through a public post and suggest workarounds until patched firmware was ready.

Given Linksys' inactivity, the IOActive Labs researchers said they were holding off on providing the full technical details of the flaws until patched firmware was ready for download.

Shit, even we can manage a fix in six months...

Source: http://www.itwire.com/security/77772-three-months-on,-no-linksys-router-patches-for-remote-holes.html


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 1) by pTamok on Wednesday April 26 2017, @07:21AM

    by pTamok (3042) on Wednesday April 26 2017, @07:21AM (#499883)

    If you want open-source, libre firmware for SOHO routers, you might prefer to look at the LEDE project (Linux Embedded Development Environment) ( https://lede-project.org/ [lede-project.org] ) , which is a fork of the OpenWrt project which later remerged*.

    Current firmware is LEDE 17.01.1 (In contrast, the legacy OpenWrt site ( https://openwrt.org/ [openwrt.org] ) offers 15.05.1 - LEDE 17.01.1 is an update to the OpenWrt 15.05.1 codebase)

    Supported hardware database (Table of Hardware) is here: https://lede-project.org/toh/start [lede-project.org]

    * If you are interested, it is worth reading the 'State of the Union' threads in the Feb 17 and Mar 17 LEDE Administration mailing list archives ( http://lists.infradead.org/pipermail/lede-adm/ [infradead.org] ) to gain an understanding of what has been going on with regard to LEDE and OpenWrt. It is slightly confusing.