Skip to content

April 22, 2017

Researchers find 10 vulnerabilities in 25 network routers supplied by Linksys

by John_A

Why it matters to you

If you own one of the 25 router models with a security flaw, be on the lookout for a firmware fix from Linksys.

After we pointed out a security issue with the web-based interface in our recent Linksys EA8300 router review, IOActive Labs reports it discovered 10 security vulnerabilities across 25 different Linksys routers, including the EA8300 unit we just reviewed. The issues range from low to high on a security level, six of which grant remote access to “unauthenticated” attackers.

In one example, hackers can use an affected router as a Denial-of-Service (DoS) tool. The hacker merely sends a few requests or “abuse” a specific API used by the browser-based backend. The router will then either become unresponsive or will reboot altogether. When that happens, router owners are locked out of the web-based interface and connected client devices can’t access the internet until the hacker stops the DoS attack.

Firmware flaws also enable hackers to collect “technical and sensitive” information about the router itself by bypassing the authentication protecting the onboard Common Gateway Interface (CGI) scripts, which enables the router to generate the browser-based interface. Information collected through this vulnerability include the firmware version, a list of connected USB devices, the firewall configuration, and more.

“Authenticated attackers can inject and execute commands on the operating system of the router with root privileges,” reports IOActive’s Taeo Sauvage. “One possible action for the attacker is to create backdoor accounts and gain persistent access to the router. Backdoor accounts would not be shown on the web admin interface and could not be removed using the Admin account.”

Sauvage and his co-researcher used the Shodan tool to discover that only around 7,000 vulnerable Linksys routers accessed the internet at the time of the report. However, that number does not include vulnerable routers that are running behind another network appliance or governed by strict firewall rules. That is also a global number spanning 25 different models, too.

That said, the majority of the vulnerable routers resides within the United States at 69 percent. Canada falls into second place with 10 percent while Hong Kong, Chile, Netherlands, Venezuela, Argentina, and Russia are each around one to two percent. The remaining 13 percent of the affected units fall within the “others” group.

What is not surprising is that around 11 percent of these devices rely on the default credentials provided by Belkin/Linksys, opening the door for hackers to simply log into the router and get full root access remotely. Most if not all of the affected routers are linked to a cloud account.

Belkin/Linksys is working on a firmware fix now. They provide a security advisory regarding the discovery although you will not find it splashed on the front cover of the Linksys website. It is also not openly listed on the website’s Support section. The only way we found the advisory was through a Google search, or by clicking on the link within Sauvage’s report.

Here are the routers in question:

EAxxxx Series

EA4500 v3
EA6350 v2
EA6350 v3

WRT Series

WRT 1200AC
WRT 1900AC

Read more from News

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Note: HTML is allowed. Your email address will never be published.

Subscribe to comments

%d bloggers like this: