Security Experts:

Connect with us

Hi, what are you looking for?


Network Security

Experts Find 10 Flaws in Linksys Smart Wi-Fi Routers

Researchers at IOActive have analyzed Linksys routers and discovered a total of 10 vulnerabilities. Patches have yet to be released, but the vendor has provided some mitigation advice.

Researchers at IOActive have analyzed Linksys routers and discovered a total of 10 vulnerabilities. Patches have yet to be released, but the vendor has provided some mitigation advice.

The research has focused on Linksys routers that support the Smart Wi-Fi feature, which enables users to manage and control their home wireless network remotely from a mobile application. According to Linksys, the vulnerabilities found by IOActive affect 25 EA and WRT series routers.

IOActive will not disclose any specific information until Linksys releases firmware updates and users have had a chance to patch their devices. However, experts said the vulnerabilities they have identified can be exploited to cause a denial-of-service (DoS) condition, obtain potentially sensitive data, and even to plant backdoors.Linksys routers vulnerable to attacks

Two of the flaws can be used for DoS attacks. Unauthenticated hackers can cause the router to become unresponsive or reboot by sending specially crafted requests to a specific API. Exploitation of these flaws disrupts network connections and prevents device administrators from accessing the web interface.

Authentication bypass vulnerabilities allow attackers to access certain CGI scripts that provide access to various types of information, including firmware and Linux kernel versions, running processes, connected USB devices, and the WPS PIN. Attackers can also collect data on firewall configurations, FTP settings, and SMB server settings.

IOActive also warned that attackers who do manage to log in to the router can inject and execute commands on the device’s operating system with root privileges. This allows them to create backdoor accounts that are not visible to legitimate administrators.

However, researchers pointed out that they did not manage to find an authentication bypass that can allow an attacker to exploit this vulnerability – the authentication bypass they did find only provides access to some CGI scripts, not the API that enables these more damaging attacks.

A Shodan search conducted by IOActive revealed 7,000 vulnerable devices that can be accessed directly from the Internet. Nearly 70 percent of them were located in the United States, followed by Canada, Hong Kong, Chile, Netherlands, Venezuela, Argentina, Russia, Sweden, Norway, China, India, UK and Australia.

While researchers have not found a way to bypass authentication in order to exploit the command injection vulnerability, they did determine that 11 percent of the 7,000 exposed devices had been using default credentials.

IOActive reported the vulnerabilities to Linksys in mid-January. The vendor is working on releasing firmware updates for affected devices and, in the meantime, it has provided some mitigation advice. The company recommends temporarily disabling the Guest Network feature, and changing the default admin password.

This research was conducted just a few months after IOActive reported finding multiple vulnerabilities in BHU Wi-Fi uRouter, a device manufactured and sold in China.

Related: Netgear Starts Patching Critical Router Flaw

Related: Malvertising Campaign Targets Routers

Related: Multiple Vulnerabilities Impact ZyXEL Customized Routers

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Expert Insights

Related Content

Network Security

NSA publishes guidance to help system administrators identify and mitigate cyber risks associated with transitioning to IPv6.

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

Mobile & Wireless

Apple’s iOS 12.5.7 update patches CVE-2022-42856, an actively exploited vulnerability, in old iPhones and iPads.


Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet


Security researchers have observed an uptick in attacks targeting CVE-2021-35394, an RCE vulnerability in Realtek Jungle SDK.

Mobile & Wireless

Two vulnerabilities in Samsung’s Galaxy Store that could be exploited to install applications or execute JavaScript code by launching a web page.