Security firm warns of vulnerabilities in older Linksys routers – Update
Austrian security company Sec Consult has published information about vulnerabilities in several Linksys routers. No patches have been released for these so far, but the company decided to proceed with publication because it received no response.
According to Sec Consult, the vulnerable routers are the older E900, E900-ME, E1200, E1500, E3200, E4200, E8400 and WRT54G2. These are mainly models that appeared around 2012. One of the vulnerabilities allows an attacker on the same Wi-Fi network to easily perform a DoS attack, causing the device to reboot or the web interface and DHCP to stop working. In addition, the routers are vulnerable to header injection, which can be used to redirect users to malicious websites.
Furthermore, an administrator's session can be taken over via the local network, and the administrator interface is also susceptible to XSS and CSRF via the same route. These allow an attacker to execute code within a browser, and they can be carried out because the session ID can be taken over. The attacks can only be performed via the Internet if the session ID can be retrieved via the Internet, for example via the referrer.
The security firm approached Linksys in July with its findings, after which the manufacturer confirmed three vulnerabilities in August. At the end of that month, Linksys reported that it was trying to get patched firmware from the OEM, but that this was difficult because the products are older. Linksys was bought by Cisco in 2003 and sold to Belkin in 2013. The routers in question came out before this most recent takeover.
At the beginning of September, the manufacturer said that a patch for the E2500 was available, which indeed came out this month. Linksys expected to receive patches for other models. Since then, however, Sec Consult has not received a response to its questions and decided to publish its findings.
Update, Friday: tweaker Cobalt notes that Linksys already published a fix for the E900 routers on October 12, while Sec Consult's publication states that this patch is still on the way. It appears to be a miscommunication between Sec Consult and Linksys. The other models have not yet been updated.