Vulnerabilities have been discovered on numerous models of Linksys routers, prompting explicit advice from the company.
If you own a Linksys router, then there’s a chance your internet connection has been compromised by a raft of vulnerabilities recently discovered by IOActive.
The routers confirmed to be at risk are the entire EAxxxx series, as well as several WRT models.
Looking into the firmware of Linksys routers, IOActive identified 10 security vulnerabilities, six of which can be exploited remotely by unauthenticated attackers.
Tao Sauvage, writing on the discovery, found 7,000 instances of compromised routers, the majority of which were in the US.
However, Canada, Argentina, Russia, the Netherlands, Chile and Canada were among the other areas where issues were discovered.
Sauvage, though, noted that the search could not reveal the number of – if any – vulnerable routers protected by strict firewall rules.
Those routers, Sauvage said, “could still be compromised by attackers who have access to the individual or company’s internal network”.
More than 10pc of the total number of compromised devices were using default credentials, opening them up to off-site attackers. This is something that Linksys responded to with fairly emphatic advice.
The company said in a statement that it was currently working on patches to fully secure the devices from these problems.
However, until such firmware updates are available, users of these devices operating on guest networks should disable this option immediately.
Users should also consider turning on automatic updates, as well as the usual change of passwords that is always recommended after issues arise.
“We would like to emphasise that Linksys has been exemplary in handling the disclosure and we are happy to say they are taking security very seriously,” said Sauvage.
According to Linksys, the full list of affected routers comprises:
- EA4500 v3
- EA6350 v2
- EA6350 v3