Routers are the devices most exposed to possible computer attacks as they are the first point of contact between any attacker, whether through the Internet or simply by connection to our Wi-Fi network. For this reason, security in this type of devices is one of the most important aspects, being worrisome when a manufacturer stops supporting several models and, in addition, it turns out that several serious vulnerabilities are discovered in these, as it has just happened to Linksys.
A few hours ago, a group of security experts has just released the existence of a total of 10 serious vulnerabilities in the firmware of 25 models of Linksys routers, most of them high-end models widely used around the world. Of these 10 vulnerabilities, 6 can even be exploited remotely by any user, even without being authenticated.
These 10 vulnerabilities can allow hackers to perform all sorts of attacks against these routers, from a simple DoS attack by abusing the firmware API of these routers to evading all router security measures. They can also obtain information about the kernel and version ( to carry out other attacks) and even execute code in the memory of vulnerable routers with root permissions, which could easily lead to new malware that would turn all these routers into a new botnet or create a backdoor that would guarantee the hacker remote access to the routers even when the vulnerabilities are updated and corrected.
The routers affected by these vulnerabilities are the EA2700, EA3500, EA4500v3, EA6200, EA6200, EA6300, EA6350v2, EA6350v3, EA6400, EA6500, EA6700, EA6900, EA7300, EA7400, EA7500, EA8300, EA8500, EA9200, EA9400, EA9500 , WRT1200AC, WRT1900AC, WRT1900ACS, and WRT3200ACM.
A quick search on Shodan has discovered more than 7000 vulnerable Linksys routers connected to the Internet, with 70% of them in the United States, although, being such a widespread brand worldwide, the potential risk is very high. We must protect ourselves as soon as possible.
At the moment it is not known when the official update will arrive to the users, nor if all the models are going to be updated or not. Therefore, while the corresponding security patch arrives to protect us from this failure, it is advisable to deactivate the guest network as soon as possible to prevent any hacker from taking advantage of them. It is also advisable to change the passwords, both router and Wi-Fi, to ensure that we have not already been victims of hackers.
Router manufacturers should not make such serious flaws in their own firmware. The truth is that Linksys firmware is probably one of the poorest systems we can find on the market, far behind the firmware that includes its rivals, such as Asus, NETGEAR or TP-Link.
Many of the vulnerable Linksys routers are also compatible with alternative firmware such as DD-WRT, so taking advantage of this serious security breach and poor support offered by this manufacturer can be a good opportunity to test this or other free, open source and more secure firmware than the official Linksys firmware.