April 21, 2017 by

Multiple Consumer Linksys Router Models are Vulnerable to Attacks

Two security researchers have discovered two dozen Linksys router models that contain at least 10 vulnerabilities between them, leaving the routers open to exploitation by attackers who could steal information from them. Some of the vulnerabilities are serious enough to allow attackers to hijack a router completely.

Tao Sauvage, a senior security consultant from IOActive, and Antide Petit, an independent security researcher, discovered the vulnerabilities together while analyzing the Linksys EA3500 Smart Wi-Fi wireless router.

The researchers discovered a total of 10 vulnerabilities affecting the router. Expanding their research, they also found that the vulnerabilities were present in at least two dozen different router models from the prominent hardware maker’s Smart Wi-Fi WRT and Wireless-AC series. Although these are marketed as consumer products, it’s entirely normal to find them in small businesses and home-office setups.

The 10 vulnerabilities, ranging from low- to high-risk, include six that attackers can exploit remotely. Two of the vulnerabilities allow attackers to create a denial-of-service (DoS) condition on the router. In such a scenario, the router becomes unresponsive after receiving a few requests or experiencing abuse of an API, eventually leading to a reboot. During this time, the admin of the router is unable to connect to the device until the attacker stops the DoS attack.

The most serious vulnerability allows attackers to inject and execute commands on the router’s operating system with root privileges. This allows attackers to create a backdoor account and gain persistent access to the router, essentially eavesdropping on its activity. Admins will not be able to see the backdoor account in their interface, nor will they be able to remove the backdoor using their credentials.

Using the Shodan engine to identify vulnerable devices, the researchers discovered about 7,000 devices exposed at the time of the search.

A vast majority (69%) of the discovered devices are located in the United States. Canada, Hong Kong, Chile, the Netherlands, Argentina and Russia are a handful of the others.

Taking a closer look, the two researchers found that 11% of the 7,000 exposed devices were using default credentials and were thus open to easy hijacking and rooting by attackers.

The researchers shared the vulnerabilities and their technical details with Linksys in January this year. Linksys “has been exemplary in handling the disclosure and we are happy to say they are taking security very seriously,” the researchers wrote.

The router maker has since published a security advisory with temporary solutions until a new firmware version is released for affected models.

About the author

LIFARS is the global leader in Digital Forensics and Cyber Resiliency Services. Our experience spans two decades working on high profile events, often in concert with Law Enforcement Agencies around the world. Our proprietary methodology derives directly and indirectly from our experience working with and for U.S. Intelligence Agencies, Interpol, Europol, and NATO. We are solely dedicated to Cyber Resiliency and thus pay close attention to all aspects of our clients’ engagement experience while providing a strategic and integrated array of services to minimize risk and disruption while protecting your brand.