Basically there is a very large, dangerous vulnerability in vxworks that has been there for decades. Since this system has always been closed source there hasn’t been much opportunity to audit the code. Well I own one of the wrt54 routers that notoriously runs vxworks. Meaning this router has always been susceptible to this vulnerability. I contacted Linksys to see what they would do, patch my device or tell me to throw it in the trash. As soon as I contacted them they thought I was talking about a bad packets vulnerability. I said no this is a very dangerous thing that is apart of any internet facing vxworks devices. Continuing I said this is a big issue that needs to be patched and people need to be aware since many of these devices run on the internet still and have never received a patch. They said well IF your device runs on vxworks then you could run openwrt or ddwrt on it, either way it’s an unsupported product. Understandable that it’s unsupported but I had to say that the vxworks models are notorious for not running openwrt and the ddwrt route is a method not friendly to the average user since you have to do a vxworks killer method that tools may not even be available on the internet anymore to do this. I am one person that has already done this to obtain the very stripped down version of ddwrt but many people can’t do this, won’t do this and don’t even know they should be fixing this issue. I’m kind of disappointed by Linksys response to this as I’ve always respected and enjoyed their products. If you have a vxworks product then I suggest you look for a patch or otherwise pull your device from the internet!
Coreman's Tech and Anime! 