Q
Problem solve Get help with specific problems with your technologies, process and projects.

How do Linksys router vulnerabilities expose user data?

Router vulnerabilities in over 20 Linksys models expose user data to attackers. Expert Judith Myerson explains how the flaws work and how to protect against them.

About 10 vulnerabilities in more than 20 Linksys router models enable third parties to reboot systems, lock out...

owners and extract data. How do these router vulnerabilities work, and what mitigation steps are available?

IOActive Inc., a global cybersecurity consultancy, reported these router vulnerabilities to Linksys.

Because of these vulnerabilities, an attacker can bypass the authentication protecting the common gateway interface (CGI) scripts and gain access to sensitive information about the router, including the firmware and Linux kernel versions in use. The attackers can get a list of processes and connected USB devices, and they can then steal your Wi-Fi PIN.

The default admin password enables the attacker to gain root privilege to launch a denial-of-service (DoS) attack. The router stops responding and reboots. From a single computer, the attacker sends malicious requests to a router's API. Commands are injected on the router's firmware and secret backdoors are set up so the router admin is unable to remove them. Legitimate users are prevented from connecting to the router until the attacker stops the DoS attack.

Devices impacted by these router vulnerabilities include the Linksys' Smart Wi-Fi series of routers. Also included is the entire line of EAxxxx series routers, along with SRT series router models WRT1200AC, WRT1900AC, WRT1900ACS and WRT3200ACM. They share common base code and are tuned to a specific model. They can be turned into remote-controlled bots that can be used in large-scale network attacks, such as the Mirai attack.

Linksys has been working with IOActive to resolve the router vulnerabilities. They will release firmware updates for all impacted devices. In the interim, Linksys suggests that users perform the following steps:

  • Enable automatic router updates.
  • Disable Wi-Fi Guest Network if not in use.
  • Change the default admin password.

In addition to Linksys' recommendations, you should also backup CGI scripts, reconfigure your routing settings and block your web-based administration pages.

Ask the expert:
Want to ask Judith Myerson a question about security? Submit your question now via email. (All questions are anonymous.)

Next Steps

Find out how the Misfortune Cookie router vulnerability can be avoided

Read about three steps to prevent and mitigate router security issues

Learn why Federal Communications Commission compliance may spell trouble for Wi-Fi router security

This was last published in June 2017

Dig Deeper on Network device security: Appliances, firewalls and switches

PRO+

Content

Find more PRO+ content and other member only offers, here.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Join the conversation

1 comment

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

How does your enterprise handle router security vulnerabilities?
Cancel

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly.com

Close