News

Lynksys Routers Feature Massive Security Flaw

Security researchers have found that a number of Linksys Smart Wi-Fi routers contain vulnerabilities that could be exploited to form part of a botnet. Cybersecurity consultancy IOActive discovered that these flaws – ten separate issues across twenty models – could allow hackers to take over the device and change its credentials, deny user access, or leak information. During an initial scan, IO Active found there to be more than 7,000 vulnerable routers online at the time.

“A number of the security flaws we found are associated with authentication, data sanitisation, privilege escalation, and information disclosure,” Tao Sauvage, senior security consultant at IOActive, said (via The Register). “Additionally, 11 per cent of the active devices exposed were using default credentials, making them particularly susceptible to an attacker easily authenticating and potentially turning the routers into bots, similar to what happened in last year’s Mirai Denial of Service (DoS) attacks.”

The following Linksys routers have been found to contain these known vulnerabilities:

WRT Series
WRT1200AC
WRT1900AC
WRT1900ACS
WRT3200ACM

EAxxxx Series
EA2700
EA2750
EA3500
EA4500 v3
EA6100
EA6200
EA6300
EA6350 v2
EA6350 v3
EA6400
EA6500
EA6700
EA6900
EA7300
EA7400
EA7500
EA8300
EA8500
EA9200
EA9400
EA9500

While a fix is coming soon, in the meantime Linksys recommends disabling guest networks.

“Working together with IOActive, we’ve been able to efficiently put a plan together to address the issues identified and proactively communicate recommendations for keeping customer devices and data secure,” Benjamin Samuels, an application security engineer at Belkin (Linksys Division), said. “Security is a high priority and by taking a few simple steps, customers can ensure their devices are more secure while we address the findings.”

“Linksys was recently notified of some vulnerabilities in our Linksys Smart Wi-Fi series of routers,” Samuels added. “As we work towards publishing firmware updates, as a temporary fix, we recommend that customers using Guest Networks on any of the affected products below temporarily disable this feature to avoid any attempts at malicious activity.”

 

Ashley Allen

Disqus Comments Loading...

Recent Posts

Twitch Now Banning All Content Focusing On Intimate Body Parts

As by now, I'm sure you are aware Twitch has decided to go ahead and…

3 hours ago

Seconds Patch of “Operation Medic Bag” For Payday 3 Released

I doubt many of you have been keeping up with Payday 3 which is understandable…

5 hours ago

MSI Announces SPATIUM M580 FROZR With A Huge Cooler

Today MSI has announced a new Gen 5 SSD, the SPATIUM M580 FROZR which comes…

5 hours ago

LENRUE PC Speakers, USB/USB-C Powered Computer Speakers with Loud Stereo Sound

Stereo and Noiseless - Without any noise! After multiple debugging, suppress static. Become clearer and…

5 hours ago

HP M27f Ultraslim Monitor 27 Inch

PICTURE-PERFECT IMMERSION – Work or play on a monitor that redefines high definition with its…

6 hours ago

Govee LED Light Bars, Smart WiFi RGBIC TV Backlight

Syncs With Your Music: With an internal high-sensitivity mic, Govee Flow Plus LED light bars…

6 hours ago