Researchers discover security flaws in over 20 Linksys router models

By midian182
Apr 21, 2017
  1. Security researchers have discovered a number of vulnerabilities in various models of Linksys routers that hackers could potentially exploit to create a botnet.

    Senior security consultant Tao Sauvage and independent researcher Antide Petit discovered the bugs late last year. In a recent blog post, Sauvage reveals they identified ten vulnerabilities that range from low- to high-risk issues, six of which can be exploited remotely by attackers.

    The security flaws could allow hackers to overload a device, force a reboot, deny user access, leak sensitive information about the router, and change restricted settings.

    "A number of the security flaws we found are associated with authentication, data sanitisation, privilege escalation, and information disclosure," said Sauvage. "Additionally, 11 per cent of the active devices exposed were using default credentials, making them particularly susceptible to an attacker easily authenticating and potentially turning the routers into bots, similar to what happened in last year's Mirai Denial of Service (DoS) attacks."

    The flaws are present in over 20 different models of Linksys routers - the full list is available below. An initial scan discovered there were over 7000 vulnerable devices exposed at the time of the search. The majority of affected routers, 69 percent, are located in the US.

    IOActive informed Linksys of the issues in January, allowing the company three months to address the problems before going public with its findings.

    Benjamin Samuels, an application security engineer at Belkin (Linksys Division), said: "Working together with IOActive, we've been able to efficiently put a plan together to address the issues identified and proactively communicate recommendations for keeping customer devices and data secure."

    "Security is a high priority and by taking a few simple steps, customers can ensure their devices are more secure while we address the findings. IOActive has been a great partner throughout what's been a textbook example of researcher and vendor working cooperatively."

    In a recent advisory, Linksys advises users to enable automatic updates, disable the Wi-Fi Guest Network feature, and change the default admin password. A firmware update to fix the issues will be released in the coming weeks.

    Here is the list of affected products:

    WRT Series
    WRT1200AC
    WRT1900AC
    WRT1900ACS
    WRT3200ACM

    EAxxxx Series
    EA2700
    EA2750
    EA3500
    EA4500 v3
    EA6100
    EA6200
    EA6300
    EA6350 v2
    EA6350 v3
    EA6400
    EA6500
    EA6700
    EA6900
    EA7300
    EA7400
    EA7500
    EA8300
    EA8500
    EA9200
    EA9400
    EA9500

  2. Used Rugs

    Used Rugs TS Rookie

    What about dd-wrt firmware?
     
    Reehahs and TheBigT42 like this.
  3. Uncle Al

    Uncle Al TS Evangelist Posts: 2,393   +1,257

    I would LOVE to see them expand this study to ALL routers available today, just so we have a fair and balanced review .....
     
    Reehahs likes this.
