Today I am publishing 5 Linksys router vulnerabilities so that consumers may be aware of the risks.
I run a WRT54GL in my network but installed tomato on it because I never liked the linksys GUI and wanted to try out tomato. Here’s his take on the WRT54GL:
1. Linksys WRT54GL Firmware Upload CSRF Vulnerability
I demonstrate Cross-Site File Upload in my BlackHat and AppSec USA talks. If you need more info on the vector itself, check out How to upload arbitrary file contents cross-domain by Kotowicz.
I suspect these kind of exploits exist in all consumer grade routers.