Vulnerabilities discovered across numerous Linksys routers

5 days ago13 Shares

Share on FacebookTweet about this on TwitterShare on LinkedInShare on Google+Pin on PinterestShare on RedditEmail this to someone

Is your router on the list? Image: Casezy idea/Shutterstock

Share on FacebookTweet about this on TwitterShare on LinkedInShare on Google+Pin on PinterestShare on RedditEmail this to someone

Vulnerabilities have been discovered on numerous models of Linksys routers, prompting explicit advice from the company.

If you own a Linksys router, then there’s a chance your internet connection has been compromised by a raft of vulnerabilities recently discovered by IOActive.

The routers confirmed to be at risk are the entire EAxxxx series, as well as several WRT models.

Linksys

Looking into the firmware of Linksys routers, IOActive identified 10 security vulnerabilities, six of which can be exploited remotely by unauthenticated attackers.

Tao Sauvage, writing on the discovery, found 7,000 instances of compromised routers, the majority of which were in the US.

However, Canada, Argentina, Russia, the Netherlands, Chile and Canada were among the other areas where issues were discovered.

Sauvage, though, noted that the search could not reveal the number of – if any – vulnerable routers protected by strict firewall rules.

Those routers, Sauvage said, “could still be compromised by attackers who have access to the individual or company’s internal network”.

More than 10pc of the total number of compromised devices were using default credentials, opening them up to off-site attackers. This is something that Linksys responded to with fairly emphatic advice.

The company said in a statement that it was currently working on patches to fully secure the devices from these problems.

However, until such firmware updates are available, users of these devices operating on guest networks should disable this option immediately.

Users should also consider turning on automatic updates, as well as the usual change of passwords that is always recommended after issues arise.

“We would like to emphasise that Linksys has been exemplary in handling the disclosure and we are happy to say they are taking security very seriously,” said Sauvage.

According to Linksys, the full list of affected routers comprises:

WRT Series

  • WRT1200AC
  • WRT1900AC
  • WRT1900ACS
  • WRT3200ACM

EAxxxx Series

  • EA2700
  • EA2750
  • EA3500
  • EA4500 v3
  • EA6100
  • EA6200
  • EA6300
  • EA6350 v2
  • EA6350 v3
  • EA6400
  • EA6500
  • EA6700
  • EA6900
  • EA7300
  • EA7400
  • EA7500
  • EA8300
  • EA8500
  • EA9200
  • EA9400
  • EA9500

Gordon Hunt is a journalist at Siliconrepublic.com

editorial@siliconrepublic.com