A consultant at IOActive and the independent security researcher Antide Petit have made public 10 vulnerabilities in wireless routers from Linksys. More than 20 models from the Belkin subsidiary are affected, including products that are sold in this country. Six of the vulnerabilities can be exploited remotely and without valid credentials.
The flaws vary in severity and can pose a significant risk. Attackers can overload the affected devices and force a restart, resulting in a denial-of-service condition. It is also possible to bypass authentication and spy out confidential information such as the firmware version, the Linux kernel version, data from connected USB sticks and WPS passwords for establishing wireless connections.
In addition, hackers can manipulate certain settings of the router. Attackers who have valid login credentials for a router can also execute commands with root privileges and thus set up permanent access that is not visible in the router's user interface. According to IOActive, eleven percent of the routers found via SHODAN still used the password preset at the factory, which allows said root access.
Linksys has known the details of the vulnerabilities since January 2017. Accordingly, the models EA2700, EA2750, EA3500, EA4500v3, EA6100, EA6200, EA6300, EA6350v2, EA6350v3, EA6400, EA6500, EA6700, EA6900, EA7300, EA7400, EA7500, EA8300, EA8500, EA9200, EA9400, EA9500, WRT1200AC, WRT1900AC, WRT1900ACS, and WRT3200ACM are affected.
Using the device search engine SHODAN, the researchers found only about 7000 vulnerable Linksys routers. They point out that this figure does not include devices that are protected by strict firewall rules or other security measures and are nevertheless vulnerable. Most of the vulnerable devices (69 percent) are located in the United States, followed by Canada (2 percent), Hong Kong (2 percent) and the Netherlands (1 percent).
Linksys has been informing its customers of the defects through a security advisory since March. Among other things, the company advises changing the device's default password. It also offers a workaround that lets those affected protect themselves. Firmware updates that close the gaps are only expected to become available in the coming weeks.
“We know the difficulties of providing end users of embedded devices with security fixes,” the researchers said. “That’s why Linksys has proactively published a security warning with a temporary solution, to prevent attackers from exploiting the vulnerabilities discovered by us until new firmware is available for all affected devices.” IOActive will publish technical details about the vulnerabilities after the patches have been deployed.
[With material from Charlie Osborne, ZDNet.com]