Welcome to WebmasterWorld Guest from 54.162.152.232

Forum Moderators: open

Message Too Old, No Replies

10 Vulnerabilities Discovered in over 20 Linksys Smart WiFi Routers Potentially Allowing DoS Attack

     
6:28 am on Apr 21, 2017 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member tangor is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Nov 29, 2005
posts:7835
votes: 538


Multiple models of Linksys Smart Wi-Fi Routers have vulnerabilities that might be exploited to create a botnet, security researchers at IOActive warn.

The flaws could be abused to overload a router and force a reboot, deny user access, leak sensitive information about the router and connected devices, or change restricted settings. Many of the active devices exposed were using default credentials, making them particularly susceptible to takeover.

Ten separate security issues (ranging from moderate to critical) make more than 20 models of Linksys Smart Wi-Fi Routers susceptible to attack. An initial search identified over 7,000 vulnerable devices exposed on the internet at the time of the scan.

[theregister.co.uk...]

Heads up.... a common enough piece which some of us might have....
8:39 am on Apr 21, 2017 (gmt 0)

Moderator from US 

WebmasterWorld Administrator keyplyr is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Sept 26, 2001
posts:9885
votes: 517


There's been a couple reports over the last few years about router vulnerabilities. One estimate I read said over 20% of compromised hardware used to drone malicious activity was infected routers.

Considering routers usually do not have anti-virus software, alerts or warnings that computers have, it's understandable.

One of the ways routers can get infected is through mobile phones running on the router's WiFi then installing infected apps.
5:15 pm on Apr 21, 2017 (gmt 0)

Administrator from GB 

WebmasterWorld Administrator engine is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month Best Post Of The Month

joined:May 9, 2000
posts:24605
votes: 589


Linksys have issued a security advisory with a temporary fix while it says it's working on a a firmware update on all affected devices.


[linksys.com...]

Affected devices are:-
WRT Series
WRT1200AC
WRT1900AC
WRT1900ACS
WRT3200ACM

EAxxxx Series
EA2700
EA2750
EA3500
EA4500 v3
EA6100
EA6200
EA6300
EA6350 v2
EA6350 v3
EA6400
EA6500
EA6700
EA6900
EA7300
EA7400
EA7500
EA8300
EA8500
EA9200
EA9400
EA9500
10:18 pm on Apr 21, 2017 (gmt 0)

Moderator from US 

WebmasterWorld Administrator robert_charlton is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Nov 11, 2000
posts:11914
votes: 297


One of the ways routers can get infected is through mobile phones running on the router's WiFi then installing infected apps.
keyplyr, I would appreciate clarification on this, as I'm routinely running some mobile devices through my router's WiFi. Does this happen only when you choose to install an app that's infected... or will simply running through the router's WiFi in and of itself allow infection?

10:46 pm on Apr 21, 2017 (gmt 0)

Moderator from US 

WebmasterWorld Administrator keyplyr is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Sept 26, 2001
posts:9885
votes: 517


The app would need to be infected and of course programmed to target the router.

Apps from the Google Play store and the Apple store have been vetted and are (usually) safe, but not the apps from 3rd party download sites.

Lookout (both the free & the paid version) scans all downloads for malware/viruses including any installed app. IMO a must for any smartphone today.
 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

Featured Threads

Free SEO Tools

Hire Expert Members