Leave a comment

These 20 popular router models are major security risks!

These 20 popular router models are major security risks!
© Kirill Makarov | Dreamstime.com

In many homes, the router is the gateway to the wide and wild world of the internet. It's that little gadget you connect your devices to for internet access. It is an essential component in our internet-connected households and businesses.

But much like our computers and other smart appliances, your humble router is vulnerable to security threats, attacks and vulnerabilities too.

Similar to several Netgear and D-Link router models, which were found to have security holes late last year, a number of Linksys routers were discovered to have still unpatched vulnerabilities, which are exposing thousands of gadgets to potential attacks.

IOActive security consultant Tao Sauvage and security researcher Antide Petit revealed Wednesday that 10 vulnerabilities in at least 20 Linksys router models were discovered late last year.

The vulnerabilities, which range from low to high-risk severities, can allow attackers to overload the routers and force them to reboot via denial-of-service (DoS).

The flaws also allow hackers to snoop on sensitive information including router firmware version, connected USB device data, Wi-Fi Protected Setup (WPS) pins and even control settings.

Worst of all, attackers can exploit the vulnerabilities to gain authentication on the routers and execute root access commands for creations of persistent backdoor access that are not detectable on the router's management interface.

IOActive informed Linksys about the vulnerabilities in January and in line with responsible disclosure, warned the company that it will reveal the security flaws publicly after three months.

The affected Linksys router models are as follows:

  • EA2700
  • EA2750
  • EA3500
  • EA4500v3
  • EA6100
  • EA6200
  • EA6300
  • EA6350v2
  • EA6350v3
  • EA6400
  • EA6500
  • EA6700
  • EA6900
  • EA7300
  • EA7400
  • EA7500
  • EA8300
  • EA8500
  • EA9200
  • EA9400
  • EA9500
  • WRT1200AC
  • WRT1900AC
  • WRT1900ACS
  • WRT3200ACM

How to protect yourself

In response, Linksys released a security advisory warning users about the flaws and a few workarounds customers should do while the company is preparing a patch.

"We acknowledge the challenge of reaching out to the end-users with security fixes when dealing with embedded devices," the researchers wrote in their blog. "This is why Linksys is proactively publishing a security advisory to provide temporary solutions to prevent attackers from exploiting the security vulnerabilities we identified, until a new firmware version is available for all affected models."

Note: Click here to see why updating your router's firmware is a must.

As a temporary workaround, Linksys advises owners of the affected routers to do the following:

  1. Enable Automatic Updates
  2. Disable Guest Network when not in use
  3. Change the default router administrator password immediately

To read more about the Linksys router flaws, click here to read IOActive's blog post.

More must-read stories:

How to do a Deep Web search and why you should

5 dangerous phone scams that are spreading now

How to spot disguised malicious files before they infect your computer

Next Story
Source: ZDNet
Bill Gates didn't let his kids have mobile phones until they turned 14
Previous Happening Now

Bill Gates didn't let his kids have mobile phones until they turned 14

Court rules cellphone caused brain tumor
Next Happening Now

Court rules cellphone caused brain tumor

View Comments ()