Nmedia - Fotolia

How do Linksys router vulnerabilities expose user data?

Router vulnerabilities in over 20 Linksys models expose user data to attackers. Expert Judith Myerson explains how the flaws work and how to protect against them.

About 10 vulnerabilities in more than 20 Linksys router models enable third parties to reboot systems, lock out owners and extract data. How do these router vulnerabilities work, and what mitigation steps are available?

IOActive Inc., a global cybersecurity consultancy, reported these router vulnerabilities to Linksys.

Because of these vulnerabilities, an attacker can bypass the authentication protecting the common gateway interface (CGI) scripts and gain access to sensitive information about the router, including the firmware and Linux kernel versions in use. The attackers can get a list of processes and connected USB devices, and they can then steal your Wi-Fi PIN.

The default admin password enables the attacker to gain root privilege to launch a denial-of-service (DoS) attack. The router stops responding and reboots. From a single computer, the attacker sends malicious requests to a router's API. Commands are injected on the router's firmware and secret backdoors are set up so the router admin is unable to remove them. Legitimate users are prevented from connecting to the router until the attacker stops the DoS attack.

Devices impacted by these router vulnerabilities include the Linksys' Smart Wi-Fi series of routers. Also included is the entire line of EAxxxx series routers, along with SRT series router models WRT1200AC, WRT1900AC, WRT1900ACS and WRT3200ACM. They share common base code and are tuned to a specific model. They can be turned into remote-controlled bots that can be used in large-scale network attacks, such as the Mirai attack.

Linksys has been working with IOActive to resolve the router vulnerabilities. They will release firmware updates for all impacted devices. In the interim, Linksys suggests that users perform the following steps:

  • Enable automatic router updates.
  • Disable Wi-Fi Guest Network if not in use.
  • Change the default admin password.

In addition to Linksys' recommendations, you should also backup CGI scripts, reconfigure your routing settings and block your web-based administration pages.

Ask the expert:
Want to ask Judith Myerson a question about security? Submit your question now via email. (All questions are anonymous.)

Next Steps

Find out how the Misfortune Cookie router vulnerability can be avoided

Read about three steps to prevent and mitigate router security issues

Learn why Federal Communications Commission compliance may spell trouble for Wi-Fi router security

Dig Deeper on Network security