subscribe: Posts | Comments

Popular Router Models Are Major Security Risks

0 comments
Popular Router Models Are Major Security Risks

In many homes, the router is the gateway to the wide and wild world of the internet.

It’s that little gadget you connect your devices to for internet access. It is an essential component in our internet-connected households and businesses.

But much like our computers and other smart appliances, your humble router is vulnerable to security threats, attacks and vulnerabilities too.

Similar to several Netgear and D-Link router models, which were found to have security holes late last year, a number of Linksys routers were discovered to have still unpatched vulnerabilities, which are exposing thousands of gadgets to potential attacks.

IOActive security consultant Tao Sauvage and security researcher Antide Petit revealed Wednesday that 10 vulnerabilities in at least 20 Linksys router models were discovered late last year.

The vulnerabilities, which range from low to high-risk severities, can allow attackers to overload the routers and force them to reboot via denial-of-service (DoS).

The flaws also allow hackers to snoop on sensitive information including router firmware version, connected USB device data, Wi-Fi Protected Setup (WPS) pins and even control settings.

Worst of all, attackers can exploit the vulnerabilities to gain authentication on the routers and execute root access commands for creations of persistent backdoor access that are not detectable on the router’s management interface.

IOActive informed Linksys about the vulnerabilities in January and in line with responsible disclosure, warned the company that it will reveal the security flaws publicly after three months.

The affected Linksys router models are as follows:

EA2700
EA2750
EA3500
EA4500v3
EA6100
EA6200
EA6300
EA6350v2
EA6350v3
EA6400
EA6500
EA6700
EA6900
EA7300
EA7400
EA7500
EA8300
EA8500
EA9200
EA9400
EA9500
WRT1200AC
WRT1900AC
WRT1900ACS
WRT3200ACM

How to protect yourself

As a temporary workaround, Linksys advises owners of the affected routers to do the following:

  • Enable Automatic Updates
  • Disable Guest Network when not in use
  • Change the default router administrator password immediately

Leave a Reply