Citizens First Cyber Security Professionals cfcspro.com

Welcome Citizens

Welcome to Citizens First Cyber Security Professionals.

The Individual Citizen Specific, Cyber Security Investigative Services Firm. Cyber Security Web Forum and Educational Cyber Security Dojo.

Geared strictly to helping Individual Citizens and Small Businesses! Address unwanted cyber security intrusions and hacking incidents!

Zero-Day Remote 'Root' Exploit Disclosed In AT&T DirecTV WVB Devices - Via - THN
Brooklyn
Yo' Greetings Citizens,

Zero-Day Remote 'Root' Exploit Disclosed In AT&T DirecTV WVB Devices - Via - THN

Security researchers have publicly disclosed an unpatched zero-day vulnerability in the firmware of AT&T DirecTV WVB kit after trying to get the device manufacturer to patch this easy-to-exploit flaw over the past few months.


The problem is with a core component of the Genie DVR system that's shipped free of cost with DirecTV and can be easily exploited by hackers to gain root access and take full control of the device, placing millions of people who've signed up to DirecTV service at risk.

The vulnerability actually resides in WVBR0-25—a Linux-powered wireless video bridge manufactured by Linksys that AT&T provides to its new customers.

DirecTV Wireless Video Bridge WVBR0-25 allows the main Genie DVR to communicate over the air with customers' Genie client boxes (up to 8) that are plugged into their TVs around the home.

Trend Micro researcher Ricky Lawshae, who is also a DirecTV customer, decided to take a closer look at the device and found that Linksys WVBR0-25 hands out internal diagnostic information from the device's web server, without requiring any authentication.

When trying to browse to the wireless bridge's web server on the device, Lawshae was expecting a login page or similar, but instead, he found "a wall of text streaming before [his] eyes."

Once there, Lawshae was able to see the output of several diagnostic scripts containing everything about the DirecTV Wireless Video Bridge, including the WPS pin, connected clients, running processes, and much more.

What's more worrisome was that the device was accepting his commands remotely and that too at the "root" level, meaning Lawshae could have run software, exfiltrated data, encrypted files, and done almost anything he wanted on the Linksys device.

"It literally took 30 seconds of looking at this device to find and verify an unauthenticated, remote root command injection vulnerability. It was at this point that I became pretty frustrated," Lawshae wrote in an advisory published Wednesday on Trend Micro-owned Zero Day Initiative (ZDI) website.

"The vendors involved here should have had some form of secure development to prevent bugs like this from shipping. More than that, we as security practitioners have failed to affect the changes needed in the industry to prevent these simple yet impactful bugs from reaching unsuspecting consumers."

Lawshae also provided a video, demonstrating how a quick and straightforward hack let anyone get a root shell on the DirecTV wireless box in less than 30 seconds, granting them full remote unauthenticated admin control over the device...++...


Please Read The Full Story here: https://thehacker...-hack.html

Thank You For Your Time, Citizens. I hope that you have a great and cyber-secure day!

Thank You Citizen,
The Administration
 
http://cfcspro.com