Lynksys Routers Feature Massive Security Flaw



/ 1 month ago

Lynksys Routers Feature Massive Security Flaw

Security researchers have found that a number of Linksys Smart Wi-Fi routers contain vulnerabilities that could be exploited to form part of a botnet. Cybersecurity consultancy IOActive discovered that these flaws – ten separate issues across twenty models – could allow hackers to take over the device and change its credentials, deny user access, or leak information. During an initial scan, IO Active found there to be more than 7,000 vulnerable routers online at the time.

“A number of the security flaws we found are associated with authentication, data sanitisation, privilege escalation, and information disclosure,” Tao Sauvage, senior security consultant at IOActive, said (via The Register). “Additionally, 11 per cent of the active devices exposed were using default credentials, making them particularly susceptible to an attacker easily authenticating and potentially turning the routers into bots, similar to what happened in last year’s Mirai Denial of Service (DoS) attacks.”

The following Linksys routers have been found to contain these known vulnerabilities:

WRT Series
WRT1200AC
WRT1900AC
WRT1900ACS
WRT3200ACM

EAxxxx Series
EA2700
EA2750
EA3500
EA4500 v3
EA6100
EA6200
EA6300
EA6350 v2
EA6350 v3
EA6400
EA6500
EA6700
EA6900
EA7300
EA7400
EA7500
EA8300
EA8500
EA9200
EA9400
EA9500

While a fix is coming soon, in the meantime Linksys recommends disabling guest networks.

SEE ALSO:  Linksys Introduces New Modem Router and More DD-WRT Support

“Working together with IOActive, we’ve been able to efficiently put a plan together to address the issues identified and proactively communicate recommendations for keeping customer devices and data secure,” Benjamin Samuels, an application security engineer at Belkin (Linksys Division), said. “Security is a high priority and by taking a few simple steps, customers can ensure their devices are more secure while we address the findings.”

“Linksys was recently notified of some vulnerabilities in our Linksys Smart Wi-Fi series of routers,” Samuels added. “As we work towards publishing firmware updates, as a temporary fix, we recommend that customers using Guest Networks on any of the affected products below temporarily disable this feature to avoid any attempts at malicious activity.”

 


Topics: , , , ,

  • Brian K. Fontenot II

    DDWRT…. Enough Said!

    • MELERIX

      there are vulnerabilities in DDWRT too.

  • Be Social