
White Hat Hacker Exposes Security Exploits In Linksys’ Wi-Fi Routers


Phil Purviance, an information security specialist for AppSec Consulting, exposed a vulnerability in the Linksys EA2700 network manager. The network manager has a cross-site request forgery flaw and also does not require the current password to be entered, even when the passcode has been changed.

He also found a security bug in the WRT54GL, but added that some of the exploits can be taken advantage of only if the attacker can correctly guess the default gateway of the router. Since most users don’t change it, attackers can use the common default IP address to reach the Linksys router. There is a fix for that: upgrading the WRT54GL with the newer Linksys Smart Wi-Fi firmware.

According to Purviance, when both of these flaws are used together, an attacker can gain full access and take over the router as soon as the end user is lured to a booby-trapped website. The website runs malicious JavaScript in the end user’s browser that resets the router’s password and turns on its remote management, giving the attacker administrator privileges over the router.
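The two missing checks described above, shown as a hardened password-change handler. This is an added example, not code from the article or from Linksys firmware; `AdminSession`, `change_password`, the form field names and the `http://192.168.1.1` origin are hypothetical names and constructed values.

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit

# Assumed origin of the router's admin UI (constructed sample value).
ROUTER_ORIGINS = {"http://192.168.1.1"}

def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class AdminSession:
    """Hypothetical logged-in admin session with a per-session CSRF token."""
    def __init__(self, password: str):
        self.salt = secrets.token_bytes(16)
        self.pw_hash = hash_password(password, self.salt)
        self.csrf_token = secrets.token_urlsafe(32)

def same_origin(headers: dict) -> bool:
    # Browsers attach Origin to cross-site POSTs; fall back to Referer.
    source = headers.get("Origin") or headers.get("Referer")
    if not source:
        return False
    parts = urlsplit(source)
    return f"{parts.scheme}://{parts.netloc}" in ROUTER_ORIGINS

def change_password(session: AdminSession, headers: dict, form: dict) -> tuple:
    """Return (status, reason); the password changes only if every check passes."""
    # Check 1: reject requests that a page on another site caused the browser to send.
    if not same_origin(headers):
        return 403, "cross-origin request"
    # Check 2: a token the attacking page cannot read must accompany the request.
    token = form.get("csrf_token", "").encode()
    if not hmac.compare_digest(token, session.csrf_token.encode()):
        return 403, "bad CSRF token"
    # Check 3: the current password is required before a new one is accepted.
    supplied = hash_password(form.get("current_password", ""), session.salt)
    if not hmac.compare_digest(supplied, session.pw_hash):
        return 403, "current password required"
    new_password = form.get("new_password")
    if not new_password:
        return 400, "missing new password"
    session.pw_hash = hash_password(new_password, session.salt)
    return 200, "password changed"
```

Any one of the three checks stops the forged request the article describes; requiring the current password also limits what a hijacked session can do.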

Purviance told Ars Technica, “If you have this router on your network and you browse a malicious website, five seconds later your router now has a new password and is available from the Internet. So an attacker can just log into it as if he was on your network.”

Belkin recently acquired the Linksys brand from Cisco, but it still needs to patch the existing routers. The company gave assurances that Purviance’s findings will be used to fix the issue in Linksys’ Smart Wi-Fi firmware.

The company made a statement:
“Network security is top of mind in everything we do. We have a layered approach via our hardware and software that provides immediate protection for our customers out of the box and enables us to react to new vulnerabilities quickly.”

Source: Ars Technica

Roshan Ashraf Shaikh
