Multiple Vulnerabilities in Linksys Smart Wi-Fi Routers

Linksys has acknowledged they are working to resolve multiple vulnerabilities in their Linksys Smart Wi-Fi routers, including the WRT and EAxxxx series, discovered by researchers at the cybersecurity firm IOactive. According to an article in the Register, which includes statements from the IOactive researchers, the "flaws could be abused to overload a router and force a reboot, deny user access, leak sensitive information about the router and connected devices, or change restricted settings. Many of the active devices exposed were using default credentials, making them particularly susceptible to takeover." The details of the vulnerabilities have not been disclosed; however, Linksys has recommended disabling the Guest Network feature to mitigate the risk posed by these vulnerabilities. Linksys stated they will be releasing firmware updates to all affected devices. In the meantime, the NJCCIC recommends enabling automatic updates to ensure the firmware patch is installed as soon as it is available and change the default administrator password.