Skip to main content

A Number Of Linksys Routers Are Vulnerable To Attack

By May 10, 2017May 25th, 2021Cybersecurity

It’s not an overstatement to say that Linksys, to a large degree, powers the web. The company makes a broad range of routers that lie at the heart of everything from small home networks to keeping small and medium sized businesses interconnected.

Unfortunately, a pair of researchers from IOActive recently discovered a total of ten different security vulnerabilities that impact the company’s popular EA3500 router, and more than two dozen other models as well, including models from the company’s Smart Wi-Fi, Wireless-AC and WRT series.

The common theme here is that all of the impacted routers have web-based admin interfaces.

Not all of the security flaws that were found are critical, but the critical ones are pretty devastating. One of them allows unauthenticated users to launch DOS (Denial of Service) attacks.

Another allows attackers to bypass the normal authentication process and access scripts, which in turn can reveal sensitive information about the router and its configuration, including giving the hacker your WPS PIN, which will allow them back in any time they want. Once inside, they can, of course, launch attacks on any device connected to your network.

Still another can be used to get the router’s firmware version and a complete list of all devices connected to your network, including USB-connected peripherals, which would allow them to make better decisions about where to attack you.

The worst of the security flaws, however, allow the hackers to inject malicious code into your network with root privileges. This could, among other things, allow them to set up a shadow admin account in your network that is completely invisible to you. Obviously, with this account in place and active, there’s no limit to the amount of damage a hacker could do.

The official word from Linksys is that they are currently working on fixes for all of these issues, but thus far, no ETA has been announced.

Chris Forte

Chris Forte

Chris Forte, President and CEO of Olmec Systems, has been in the MSP workspace for the past 25 years. Chris earned his Master’s Degree from West Virginia University, graduating Magna Cum Laude. He was a past member of the Entrepreneurs’ Organization, a current member of the New Jersey Power Partners and Executive Association of New Jersey, where he has previously served on its board of directors. In his spare time, Chris enjoys traveling with his family. He also admits to being a struggling golfer and avid watcher of college football and basketball. He currently lives in Boonton Township, NJ with his wife, two daughters, son, and black lab Luna.

Leave a Reply