Linksys routers are vulnerable due to multiple CGI scripts
Linksys EA6100 to EA6300 series routers are vulnerable due to multiple CGI scripts. An unauthorized attacker can use these scripts to access the device's administrator password.
The Register reports that the vulnerabilities were found by KoreLogic, which has published a report on its findings. The scripts bootloader_info.cgi, sysinfo.cgi, ezwifi_cfg.cgi and qos_info.cgi, among others, can be used to adjust the routers' settings. In this way, for example, the administrator password could be retrieved.
Linksys has not released a patch at this time, although KoreLogic contacted the company back in September. The Register states that it does not expect many patches to be released, because these are consumer models. In any case, users are advised to disable remote administrative access on the affected devices.
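To check whether the scripts named above are being requested from outside the local network, the following added example (not from KoreLogic, The Register or Linksys) scans HTTP access-log lines and flags such requests. It assumes Common Log Format lines from a sensor or proxy in front of the router and an IPv4 LAN; the sample lines, addresses and URL paths are constructed, since the article gives script names only.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Script names as listed in the article; matching is on the last path component.
WATCHED = {"bootloader_info.cgi", "sysinfo.cgi", "ezwifi_cfg.cgi", "qos_info.cgi"}

# Assumption: "local" means RFC 1918, loopback or link-local IPv4 space.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]

# Assumed input format: Common Log Format.
CLF = re.compile(r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                 r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+')

def is_remote(addr):
    """True when addr parses as an IP address outside LOCAL_NETS."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return not any(ip in net for net in LOCAL_NETS)

def find_hits(lines):
    """Return (timestamp, source, script, status, remote) per watched request."""
    hits = []
    for line in lines:
        m = CLF.match(line)
        if not m:
            continue  # not in the assumed format
        # Drop the query string, keep the file name, compare case-insensitively.
        script = urlsplit(m["target"]).path.rsplit("/", 1)[-1].lower()
        if script in WATCHED:
            hits.append((m["ts"], m["src"], script, int(m["status"]),
                         is_remote(m["src"])))
    return hits

# Constructed sample lines (documentation address ranges, not real traffic).
SAMPLE = [
    '203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] "GET /sysinfo.cgi HTTP/1.1" 200 512',
    '192.168.1.20 - - [01/Jan/2024:10:01:00 +0000] "GET /QoS_Info.cgi?x=1 HTTP/1.1" 200 300',
    '198.51.100.9 - - [01/Jan/2024:10:02:00 +0000] "GET /index.html HTTP/1.1" 200 100',
    'unparseable line',
]

if __name__ == "__main__":
    for ts, src, script, status, remote in find_hits(SAMPLE):
        print("REMOTE" if remote else "local ", ts, src, script, status)
```

A hit marked REMOTE with a 200 status means the management interface answered a request from outside the LAN, which is the exposure that disabling remote administrative access removes.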