Categories: HackingSecurity

Two Linksys routers running SMART Wi-Fi Firmware are still vulnerable to remote attacks

Two models of Linksys routers running SMART Wi-Fi Firmware remain vulnerable to a pair of vulnerabilities recently patched by the company.

Linksys EA2700 and EA3500 are the two routers running Linksys SMART Wi-Fi firmware that are still affected by a couple of vulnerabilities recently patched in different models of the Belkin-owned networking gear.

On October 31th, the US-CERT issued the Vulnerability Note VU#447516 related to the presence of multiple vulnerabilities in Linksys SMART WiFi firmware.

An attacker could remotely exploit both the vulnerabilities to steal user credentials and access to the router settings.

The exploits for vulnerabilities are publicly available since September, a Turkish hacker published on his website the code to remotely hack the EA3500 and EA6500 models. Linksys EA series routers running the Linksys SMART WiFi firmware are affected by multiple flaw.

The researcher Kyle Lovett reported the vulnerabilities in July and Linksys fixed the flaws bugs on October 23th for the network devices included in the following list:

  • E4200v2
  • EA4500
  • EA6200
  • EA6300
  • EA6400
  • EA6500
  • EA6700
  • EA6900

Linksys is urging his clients to enable automatic updates in the SOHO and consumers models.

“Linksys has an option to have automatic updates, which makes the patches hit far more units than other SOHO models out there,” explained Lovett.

The official advisory released by the US-CERT provided the following descriptions for the vulnerabilities in Linksys SMART WiFi firmware.

CWE-320: Key Management Errors – CVE-2014-8243

An unauthenticated attacker on the local area network (LAN) can read the router’s .htpassword file by requestinghttp(s)://<router_ip>/.htpasswd. The .htpasswd file contains the MD5 hash of the administrator password.

CWE-200: Information Exposure – CVE-2014-8244

A remote, unauthenticated user can issue various JNAP calls by sending specially-crafted HTTP POST requests to http(s)://<router_ip>/JNAP/. Depending on the JNAP action that is called, the attacker may be able to read or modify sensitive information on the router.

It should also be noted that the router exposes multiple ports to the WAN by default. Port 10080 and 52000 both expose the administrative web interface to WAN users. Depending on the model, additional ports may be exposed by default as well.

The CWE-200 is the most critical flaw because an attacker could send specially-crafted HTTP-POST requests to access sensitive data on the routers.

Recently numerous hacking campaigns hit SOHO devices, security experts at Rapid7 recently discovered a security vulnerability in NAT-PMP protocol implementations that puts 1.2 Million SOHO devices at risk.

The exploitation of the flaws could be exploited by bad actors to conduct different malicious activities, most serious and dangerous among them being the ability to redirect traffic to a website controlled by the attackers.

To fix the vulnerabilities in the models included in the list above apply the updates according the instructions provided in the security advisory issued by the US-CERT.

Pierluigi Paganini

Security Affairs –  (SOHO devices, Linksys)

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.

Recent Posts

Google: China dominates government exploitation of zero-day vulnerabilities in 2023

Google's Threat Analysis Group (TAG) and Mandiant reported a surge in the number of actively…

1 hour ago

Google addressed 2 Chrome zero-days demonstrated at Pwn2Own 2024

Google addressed two zero-day vulnerabilities in the Chrome web browser that have been demonstrated during…

13 hours ago

INC Ransom stole 3TB of data from the National Health Service (NHS) of Scotland

The INC Ransom extortion group hacked the National Health Service (NHS) of Scotland and is threatening…

17 hours ago

CISA adds Microsoft SharePoint bug disclosed at Pwn2Own to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a Microsoft SharePoint vulnerability disclosed at the…

22 hours ago

The DDR Advantage: Real-Time Data Defense

This is the advantage of Data Detection and Response (DDR) for organizations aiming to build…

1 day ago

Finnish police linked APT31 to the 2021 parliament attack

The Finnish Police attributed the attack against the parliament that occurred in March 2021 to…

1 day ago

This website uses cookies.