Two dozen Linksys router models are exposed to attacks that could extract sensitive information from their configurations, cause them to become unresponsive and even completely take them over.
The vulnerabilities were discovered by senior security consultant Tao Sauvage from IOActive and independent security researcher Antide Petit while working together to analyze the Linksys EA3500 Smart Wi-Fi wireless router.
The two researchers found a total of 10 vulnerabilities that affect not only the EA3500, but two dozen different router models from Linksys’ Smart Wi-Fi, WRT and Wireless-AC series. Even though these devices are marketed as consumer products, it’s not unusual to find them running in small business and home office environments.
The flaws range from low to high severity and directly impact over 7,000 routers that have their web-based administrative interfaces exposed to the Internet. Countless more are vulnerable to attacks launched over local area networks from compromised computers, phones or other devices.
Two vulnerabilities allow remote unauthenticated attackers to cause a denial-of-service condition on the affected routers by sending specially crafted requests to one of their application programming interfaces (APIs). This can leave devices unresponsive and prevent users from accessing the Internet.
Other flaws in the web interfaces of the affected Linksys routers allow attackers to bypass authentication and access several CGI scripts that can reveal sensitive information about the devices and their configurations. The exposed information includes the Wi-Fi Protected Setup (WPS) PIN that can allow attackers to access the wireless network and attack an affected router from within.