Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Network Security

Experts Find 10 Flaws in Linksys Smart Wi-Fi Routers

Researchers at IOActive have analyzed Linksys routers and discovered a total of 10 vulnerabilities. Patches have yet to be released, but the vendor has provided some mitigation advice.

Researchers at IOActive have analyzed Linksys routers and discovered a total of 10 vulnerabilities. Patches have yet to be released, but the vendor has provided some mitigation advice.

The research has focused on Linksys routers that support the Smart Wi-Fi feature, which enables users to manage and control their home wireless network remotely from a mobile application. According to Linksys, the vulnerabilities found by IOActive affect 25 EA and WRT series routers.

IOActive will not disclose any specific information until Linksys releases firmware updates and users have had a chance to patch their devices. However, experts said the vulnerabilities they have identified can be exploited to cause a denial-of-service (DoS) condition, obtain potentially sensitive data, and even to plant backdoors.Linksys routers vulnerable to attacks

Two of the flaws can be used for DoS attacks. Unauthenticated hackers can cause the router to become unresponsive or reboot by sending specially crafted requests to a specific API. Exploitation of these flaws disrupts network connections and prevents device administrators from accessing the web interface.

Authentication bypass vulnerabilities allow attackers to access certain CGI scripts that provide access to various types of information, including firmware and Linux kernel versions, running processes, connected USB devices, and the WPS PIN. Attackers can also collect data on firewall configurations, FTP settings, and SMB server settings.

IOActive also warned that attackers who do manage to log in to the router can inject and execute commands on the device’s operating system with root privileges. This allows them to create backdoor accounts that are not visible to legitimate administrators.

However, researchers pointed out that they did not manage to find an authentication bypass that can allow an attacker to exploit this vulnerability – the authentication bypass they did find only provides access to some CGI scripts, not the API that enables these more damaging attacks.

A Shodan search conducted by IOActive revealed 7,000 vulnerable devices that can be accessed directly from the Internet. Nearly 70 percent of them were located in the United States, followed by Canada, Hong Kong, Chile, Netherlands, Venezuela, Argentina, Russia, Sweden, Norway, China, India, UK and Australia.

While researchers have not found a way to bypass authentication in order to exploit the command injection vulnerability, they did determine that 11 percent of the 7,000 exposed devices had been using default credentials.

Advertisement. Scroll to continue reading.

IOActive reported the vulnerabilities to Linksys in mid-January. The vendor is working on releasing firmware updates for affected devices and, in the meantime, it has provided some mitigation advice. The company recommends temporarily disabling the Guest Network feature, and changing the default admin password.

This research was conducted just a few months after IOActive reported finding multiple vulnerabilities in BHU Wi-Fi uRouter, a device manufactured and sold in China.

Related: Netgear Starts Patching Critical Router Flaw

Related: Malvertising Campaign Targets Routers

Related: Multiple Vulnerabilities Impact ZyXEL Customized Routers

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Vulnerabilities

Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Identity & Access

Zero trust is not a replacement for identity and access management (IAM), but is the extension of IAM principles from people to everyone and...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...

Vulnerabilities

A researcher at IOActive discovered that home security systems from SimpliSafe are plagued by a vulnerability that allows tech savvy burglars to remotely disable...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

Cybercrime

Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.

Vulnerabilities

Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.