About 10 vulnerabilities in more than 20 Linksys router models enable third parties to reboot systems, lock out...
owners and extract data. How do these router vulnerabilities work, and what mitigation steps are available?
IOActive Inc., a global cybersecurity consultancy, reported these router vulnerabilities to Linksys.
Because of these vulnerabilities, an attacker can bypass the authentication protecting the common gateway interface (CGI) scripts and gain access to sensitive information about the router, including the firmware and Linux kernel versions in use. The attackers can get a list of processes and connected USB devices, and they can then steal your Wi-Fi PIN.
The default admin password enables the attacker to gain root privilege to launch a denial-of-service (DoS) attack. The router stops responding and reboots. From a single computer, the attacker sends malicious requests to a router's API. Commands are injected on the router's firmware and secret backdoors are set up so the router admin is unable to remove them. Legitimate users are prevented from connecting to the router until the attacker stops the DoS attack.
Devices impacted by these router vulnerabilities include the Linksys' Smart Wi-Fi series of routers. Also included is the entire line of EAxxxx series routers, along with SRT series router models WRT1200AC, WRT1900AC, WRT1900ACS and WRT3200ACM. They share common base code and are tuned to a specific model. They can be turned into remote-controlled bots that can be used in large-scale network attacks, such as the Mirai attack.
Linksys has been working with IOActive to resolve the router vulnerabilities. They will release firmware updates for all impacted devices. In the interim, Linksys suggests that users perform the following steps:
- Enable automatic router updates.
- Disable Wi-Fi Guest Network if not in use.
- Change the default admin password.
In addition to Linksys' recommendations, you should also backup CGI scripts, reconfigure your routing settings and block your web-based administration pages.
Ask the expert:
Want to ask Judith Myerson a question about security? Submit your question now via email. (All questions are anonymous.)
Find out how the Misfortune Cookie router vulnerability can be avoided
Read about three steps to prevent and mitigate router security issues
Learn why Federal Communications Commission compliance may spell trouble for Wi-Fi router security
Dig Deeper on Network device security: Appliances, firewalls and switches
Related Q&A from Judith Myerson
HTTPS interception tools help protect websites, but they can also hurt TLS security. Expert Judith Myerson explains how this works and what ...continue reading
Better DevOps application lifecycle management can help protect cryptographic and digital keys. Expert Judith Myerson explains the right approaches ...continue reading
Hacks on a car's diagnostic dongle can completely take over the vehicle and even shut off the engine. Expert Judith Myerson explains how this works ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.