Critical vulnerabilities are discovered in 25 Linksys Smart Wi-Fi devices.
The list of Linksys Smart Wi-Fi devices with detected vulnerabilities: WRT1200AC, WRT1900AC, WRT1900ACS, WRT3200ACM, EA2700, EA2750, EA3500, EA4500 v3, EA6100, EA6200, EA6300, EA6350 v2, EA6350 v3, EA6400, EA6500, EA, EA, EA, 5000, EA6300, EA6300, EA6350, EA6350 v2, EA6350 v3, EA6350 v3, EA6350 v3, EA6300, EA6300, EA6300, EA6350 v3, EA6350 v3 EAA0000 EA7400, EA7500, EA8300, EA8500, EA9200, EA9400, EA9500.
Researchers at IOActive, a company specializing in security firmware, discovered 10 vulnerabilities, including critical ones, in 25 of the popular Linksys Smart Wi-Fi series routers. Among the vulnerabilities:
')
- Vulnerabilities that allow an attacker to make a DDoS attack. By sending several requests to a specific API of the router, it stops responding or restarts. The administrator does not have access to the web interface, and users will not be able to connect to the router until the attack stops;
- Vulnerabilities related to CGI script authentication bypass, allowing to collect confidential information, such as: firmware version and Linux kernel, list of running processes and connected USB devices, WPS pins, list of connected devices and their OS, access to firewall rules, FTP settings and SMB services;
- Vulnerability to allow an authenticated user to execute arbitrary code with root privileges . As one of the attack options, the user can create a backdoor account to obtain permanent hidden access to the device, since such an account will not be displayed in the list of users in the web interface of the router, and cannot be deleted under the administrator account.
It is worth noting that the researchers from IOActive could not find a way to bypass the authentication protection of the vulnerable API:
It should not be noted; this is different than the authentication of the CGI scripts.
Researchers reported the detected vulnerabilities to the vendor and do not yet disclose the details. Linksys has published information on the site and as a temporary measure offers:
- Enable automatic update: www.linksys.com/us/support-article?articleNum=140124#b
- Disable guest network if not in use: www.linksys.com/us/support-article?articleNum=140861
- Change the default administrator password: www.linksys.com/us/support-article?articleNum=142491
Materials on the security of wireless networks: attack and protection of Wi-Fi .
Source: https://habr.com/ru/post/327044/
All Articles