Security researchers have found that a number of Linksys Smart Wi-Fi routers contain vulnerabilities that could be exploited to form part of a botnet. Cybersecurity consultancy IOActive discovered that these flaws – ten separate issues across twenty models – could allow hackers to take over the device and change its credentials, deny user access, or leak information. During an initial scan, IO Active found there to be more than 7,000 vulnerable routers online at the time.
“A number of the security flaws we found are associated with authentication, data sanitisation, privilege escalation, and information disclosure,” Tao Sauvage, senior security consultant at IOActive, said (via The Register). “Additionally, 11 per cent of the active devices exposed were using default credentials, making them particularly susceptible to an attacker easily authenticating and potentially turning the routers into bots, similar to what happened in last year’s Mirai Denial of Service (DoS) attacks.”
The following Linksys routers have been found to contain these known vulnerabilities:
WRT Series
WRT1200AC
WRT1900AC
WRT1900ACS
WRT3200ACMEAxxxx Series
EA2700
EA2750
EA3500
EA4500 v3
EA6100
EA6200
EA6300
EA6350 v2
EA6350 v3
EA6400
EA6500
EA6700
EA6900
EA7300
EA7400
EA7500
EA8300
EA8500
EA9200
EA9400
EA9500
While a fix is coming soon, in the meantime Linksys recommends disabling guest networks.
“Working together with IOActive, we’ve been able to efficiently put a plan together to address the issues identified and proactively communicate recommendations for keeping customer devices and data secure,” Benjamin Samuels, an application security engineer at Belkin (Linksys Division), said. “Security is a high priority and by taking a few simple steps, customers can ensure their devices are more secure while we address the findings.”
“Linksys was recently notified of some vulnerabilities in our Linksys Smart Wi-Fi series of routers,” Samuels added. “As we work towards publishing firmware updates, as a temporary fix, we recommend that customers using Guest Networks on any of the affected products below temporarily disable this feature to avoid any attempts at malicious activity.”
Electronic Arts (EA) announced today that its games were played for over 11 billion hours…
Steam's annual end-of-year recap, Steam Replay, provides fascinating insights into gamer habits by comparing individual…
GSC GameWorld released a major title update for STALKER 2 this seeking, bringing the game…
Without any formal announcement, Intel appears to have revealed its new Core 200H series processors…
Ubisoft is not having the best of times, but despite recent flops, the company still…
If you haven’t started playing STALKER 2: Heart of Chornobyl yet, now might be the…