Linksys EA6350 Chroot Misconfiguration in vsftpd Allows Privilege Escalation and Unauthorized Access
Vulnerability
A vulnerability exists in the Linksys EA6350 router, specifically in version 2.1.2, due to a misconfiguration in the vsftpd (Very Secure FTP Daemon) settings. The 'chroot_local_user' option is enabled, which can lead to unauthorized access to system files, privilege escalation, or using the compromised device as a pivot point for attacks within the internal network.
Impact
Exploitation of this vulnerability could result in unauthorized access to system files, elevated privileges, or the use of the compromised server to launch attacks on other devices within the internal network.
Reproduction
The vulnerability can be reproduced by logging into the Linksys EA6350 router and accessing the dynamically generated vsftpd configuration file, located at '/etc/vsftpd.conf'. The presence of 'chroot_local_user=YES' indicates that local users are confined to their home directories after login, which can have security implications, particularly if users have permission to upload files or access a shell.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.