DHS warns Linksys ‘SMART wifi’ router firmware exposed to remote attacks
- 03 November, 2014 09:35
Updated: Linksys has now provided updates for the EA3500 and EA2700. See below for links to the relevant support pages.
The US Department of Homeland Security (DHS) has raised alarm bells over two Linksys router models that haven’t received security fixes that were released for other routers in July.
The two models in question are the EA2700 and EA3500 routers, which Linksys did not patch when it fixed other devices from its EA series three months ago.
Carnegie Mellon University’s computer emergency response team (CERT), a DHS-sponsored unit, on Friday drew attention to patches for two flaws affecting 10 Linksys devices running its SMART wifi firmware — a feature introduced in 2012 which allowed owners of Linksys EA series routers to remotely control their home network via a smartphone app.
The problem, which resides in the firmware, is that Linksys only released a fix for eight of the affected devices.
The CERT pointed to two separate flaws affecting SMART wifi firmware that can be exploited locally and remotely.
The first flaw, officially designated as CVE-2014-8243, relates to key management errors in the firmware that potentially expose the router’s password file to an attacker who’s on the same local area network.
“An unauthenticated attacker on the local area network (LAN) can read the router's .htpassword file by requesting http(s)://
The second flaw, assigned the identifier CVE-2014-8244, is remotely exploitable and may allow an attacker to “read or modify sensitive information on the router”.
“A remote, unauthenticated user can issue various JNAP calls by sending specially-crafted HTTP POST requests to http(s)://
It added that the flaws could be exploited by an attacker on the wide area network (WAN). "[T]he router exposes multiple ports to the WAN by default. Port 100080 and 52000 both expose the administrative web interface to WAN users. Depending on the model, additional ports may be exposed by default as well."
Linksys models affected by the flaws include its EA2700, EA3500, E4200v2, EA4500, EA6200, EA6300, EA6400, EA6500, EA6700 and EA6900. In July, Linksys released updates that remedy the flaws for all of these models except the EA2700 and EA3500.
The routers that lack an update were introduced under the Linksys brand in 2012, before Cisco sold its Linksys unit to Belkin.
Last April, security researcher Phil Purviance found that the EA2700 model contained multiple flaws in the classic firmware that exposed the devices to attacks through the browser-based admin panel. At the time, Linksys said that the SMART wifi firmware was not affected.
CSO.com.au has asked Linksys whether it will release a fix for the devices and if so when. It will update the story if it receives an answer.
The URLs below link to Linksys' support pages for the two products in different regions.
This article is brought to you by Enex TestLab, content directors for CSO Australia.