Unauthenticated MQTT endpoints on Linksys Velop routers enable local DoS

mjg59.dreamwidth.org
2 min read
standard
Article URL: https://mjg59.dreamwidth.org/56106.html Comments URL: https://news.ycombinator.com/item?id=26408275 Points: 1 # Comments: 0
mosquitto_pub -h 192.168.1.1 -t "network/master/cmd/nodes_temporary_blacklist" -m '{"data": {"client": "f8:16:54:43:e2:0c", "duration": "3600", "action": "start"}}'

(Edit: this is CVE-2021-1000002)Linksys produces a series of wifi mesh routers under the Velop line. These routers use MQTT to send messages to each other for coordination purposes. In the version I tested against, there was zero authentication on this - anyone on the local network is able to connect to the MQTT interface on a router and send commands. As an example:will ask the router…
Read full article