Linksys LRT224 Dual WAN Gigabit VPN Router Session Cookie Brute-force

Attacker can easily guess contents of logged in users session cookie

An attacker can easily guess the contents of the currently logged in user's session cookie. The contents of the session cookie consist of a base64 encoded string, DefaultX::::admin where X is a single digit from 0-9. The attacker can easily try all 10 possible session cookies to see which is currently valid.

POC Exploit Video:

POC Exploit Script download:



Vulnerable Systems:

Firmware versions tested:

Fix released in FW version
An offical firmware update remediating this vulnerability was released March 19, 2019. (see Linksys's official changelog)

go back home