Posted By: ITWiser Webmaster - Yorkshire's IT Specialists
Posted By: IT Wiser
Linksys Small Office Routers Open to Exploit
Linksys, one of the UK’s leading providers of routers for small offices and home users, has been hit by the news that a number of its routers are vulnerable to a simple exploit that could allow an attacker to gain remote access to a computer.
The problem is related to a worm known as ‘The Moon’, which was identified last week by researchers at the SANS Institute as a self-replicating malware that exploits an authentication bypass vulnerability to infect Linksys routers.
The exploit was made public on Exploit-db.com by user Rew, reported The Register. A list of possibly vulnerable routers was given, including models from the E-Series and Wireless-N product line. The devices listed were E4200, E3200, E3000, E2500, E2100L, E2000, E1550, E1500, E1200, E1000, E900, E300, WAG320N, WAP300N, WAP610N, WES610N, WET610N, WRT610N, WRT600N, WRT400N, WRT320N, WRT160N and WRT150N. Rew did note, however, that the list might not be completely accurate or complete.
SANS, which believe that the vulnerability in E-Series routers is located in a CGI script that is part of the administration interface, said that the vulnerability is also dependent of firmware revision. Unfortunately, as noted by The Register, some of the devices listed are no longer supported.
“Linksys is aware of the malware called ‘The Moon’ that has affected select older Linksys E-Series routers and select older Wireless-N access points and routers. The exploit to bypass the admin authentication used by the worm only works when the Remote Management Access feature is enabled,” Linksys told The Register in a statement.
“Linksys ships these products with the Remote Management Access feature turned off by default. Customers who have not enabled the Remote Management Access feature are not susceptible to this specific malware. Customers who have enabled the Remote Management Access feature can prevent further vulnerability to their network, by disabling the Remote Management Access feature and rebooting their router to remove the installed malware.
“Linksys will be working on the affected products with a firmware fix that is planned to be posted on our website in the coming weeks.”
Safeguard your Network
Cybercriminals targeting home and small office routers is becoming increasing commonplace, as highlighted by this recent case and the attacking of online banking users in Poland. To safeguard your network, it is vital that you have Cloud Web Security installed to detect and eliminate any threat of malware at cloud level.
Follow this link find out more about ITWiser’s Cloud Web Security service.