Researchers discover security flaws in over 20 Linksys router models

The vulnerabilities could be used to create a botnet

By Rob Thubron April 21, 2017, 6:15

Researchers discover security flaws in over 20 Linksys router models

Serving tech enthusiasts for over 25 years.
TechSpot means tech analysis and advice you can trust.

Security researchers have discovered a number of vulnerabilities in various models of Linksys routers that hackers could potentially exploit to create a botnet.

Senior security consultant Tao Sauvage and independent researcher Antide Petit discovered the bugs late last year. In a recent blog post, Sauvage reveals they identified ten vulnerabilities that range from low- to high-risk issues, six of which can be exploited remotely by attackers.

The security flaws could allow hackers to overload a device, force a reboot, deny user access, leak sensitive information about the router, and change restricted settings.

"A number of the security flaws we found are associated with authentication, data sanitisation, privilege escalation, and information disclosure," said Sauvage. "Additionally, 11 per cent of the active devices exposed were using default credentials, making them particularly susceptible to an attacker easily authenticating and potentially turning the routers into bots, similar to what happened in last year's Mirai Denial of Service (DoS) attacks."

The flaws are present in over 20 different models of Linksys routers - the full list is available below. An initial scan discovered there were over 7000 vulnerable devices exposed at the time of the search. The majority of affected routers, 69 percent, are located in the US.

IOActive informed Linksys of the issues in January, allowing the company three months to address the problems before going public with its findings.

Benjamin Samuels, an application security engineer at Belkin (Linksys Division), said: "Working together with IOActive, we've been able to efficiently put a plan together to address the issues identified and proactively communicate recommendations for keeping customer devices and data secure."

"Security is a high priority and by taking a few simple steps, customers can ensure their devices are more secure while we address the findings. IOActive has been a great partner throughout what's been a textbook example of researcher and vendor working cooperatively."

In a recent advisory, Linksys advises users to enable automatic updates, disable the Wi-Fi Guest Network feature, and change the default admin password. A firmware update to fix the issues will be released in the coming weeks.

Here is the list of affected products:

WRT Series
WRT1200AC
WRT1900AC
WRT1900ACS
WRT3200ACM

EAxxxx Series
EA2700
EA2750
EA3500
EA4500 v3
EA6100
EA6200
EA6300
EA6350 v2
EA6350 v3
EA6400
EA6500
EA6700
EA6900
EA7300
EA7400
EA7500
EA8300
EA8500
EA9200
EA9400
EA9500

2 comments 95 likes and shares

Tech Jobs: Find the next step in your career

Related Stories

Featured on TechSpot