About 10 vulnerabilities in more than 20 Linksys router models enable third parties to reboot systems, lock out owners and extract data. How do these router vulnerabilities work, and what mitigation steps are available?
IOActive Inc., a global cybersecurity consultancy, reported these router vulnerabilities to Linksys.
Because of these vulnerabilities, an attacker can bypass the authentication protecting the common gateway interface (CGI) scripts and gain access to sensitive information about the router, including the firmware and Linux kernel versions in use. The attacker can get a list of processes and connected USB devices, and can then steal your Wi-Fi PIN.
The default admin password enables the attacker to gain root privilege to launch a denial-of-service (DoS) attack. The router stops responding and reboots. From a single computer, the attacker sends malicious requests to a router's API. Commands are injected into the router's firmware, and secret backdoors are set up so that the router admin is unable to remove them. Legitimate users are prevented from connecting to the router until the attacker stops the DoS attack.
Devices impacted by these router vulnerabilities include Linksys' Smart Wi-Fi series of routers. Also included is the entire line of EAxxxx series routers, along with SRT series router models WRT1200AC, WRT1900AC, WRT1900ACS and WRT3200ACM. These devices share common base code that is tuned to each specific model. They can be turned into remote-controlled bots that can be used in large-scale network attacks, such as the Mirai attack.
Linksys has been working with IOActive to resolve the router vulnerabilities. The company will release firmware updates for all impacted devices. In the interim, Linksys suggests that users perform the following steps:
- Enable automatic router updates.
- Disable Wi-Fi Guest Network if not in use.
- Change the default admin password.
In addition to Linksys' recommendations, you should also back up CGI scripts, reconfigure your routing settings and block your web-based administration pages.
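For anyone managing more than one router, the model list and interim steps above can be turned into an inventory check. This is an added example, not code from the article, Linksys or IOActive; the CSV column names, the hostnames and the reading of "EAxxxx" as "EA" plus four digits are assumptions.

```python
import csv
import io
import re

# Affected families as named in the article. Reading "EAxxxx" as "EA" plus
# four digits is an assumption; the article gives no exact model list for it.
AFFECTED = re.compile(r"^(EA\d{4}|WRT1200AC|WRT1900ACS?|WRT3200ACM)$", re.I)

# Interim steps from the article, mapped to hypothetical inventory columns:
# column name -> (compliant value, step still outstanding when it differs)
CHECKS = {
    "auto_update": ("yes", "enable automatic router updates"),
    "guest_wifi": ("no", "disable the Wi-Fi guest network if not in use"),
    "default_admin_pw": ("no", "change the default admin password"),
}

# Constructed sample inventory (not real devices). branch-05 has missing
# fields; unknown settings are treated as outstanding rather than assumed safe.
SAMPLE = """hostname,model,auto_update,guest_wifi,default_admin_pw
branch-01,EA6900,no,yes,yes
branch-02,wrt1900acs,yes,no,no
branch-03,WRT3200ACM,yes,yes,no
lab-01,RT-AC68U,no,yes,yes
branch-04,EA69,no,no,yes
branch-05,EA7500,yes
"""

def audit(inventory_csv):
    """Return {hostname: [outstanding steps]} for affected models only."""
    findings = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        model = (row.get("model") or "").strip()
        if not AFFECTED.match(model):
            continue  # outside the model families the article lists
        findings[row["hostname"]] = [
            step
            for column, (ok_value, step) in CHECKS.items()
            if (row.get(column) or "").strip().lower() != ok_value
        ]
    return findings

if __name__ == "__main__":
    for host, todo in audit(SAMPLE).items():
        print(f"{host}: {'; '.join(todo) if todo else 'interim steps applied'}")
```

The check covers only the three interim steps; once the firmware updates are released, the installed firmware version would need its own column.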
Ask the expert:
Want to ask Judith Myerson a question about security? Submit your question now via email. (All questions are anonymous.)