Eircom F1000 modem security vs shellshock bash bug

The Algebraist · 05-10-2014 07:33PM #1

I read that broadband routers can be affected by the shellshock bug, but I can't find any info about my Eircom F1000 router.

Does anyone know if / where / how I can check?

Thanks

dalta5billion · 06-10-2014 06:46AM

If you telnet into it it seems to be running the BusyBox Shell, not bash.

Good for you for checking though, more people should be concerned about shellshock.

Dermot McDonnell · 06-10-2014 09:12AM

dalta5billion wrote: »

If you telnet into it it seems to be running the BusyBox Shell, not bash.

Good for you for checking though, more people should be concerned about shellshock.

You're quite right, modem/routers have traditionally been tight for space. Almost all use busybox to supply a bash like shell and are NOT vulnerable to shell shock.

Btw, ZyXel firmware releases come with change logs that details bug fixes. Those bugs are present in the Eircom F1000 n the change logs pretty much spell out attack strategies. In any case, Eircom, or any hacker that 'owns' them, can push a firmware update to your device at will, so "router security" is illusory in any case for the vast majority.

MBSnr · 06-10-2014 09:46AM

^^^
You can confirm - Telnet to the device and type cat --help

> cat --help
BusyBox v1.17.2 (2013-09-17 18:25:50 CST) multi-call binary.

Usage: cat [FILE]...

Concatenate FILEs and print them to stdout

Eircom F1000 modem security vs shellshock bash bug

Comments