Related Stories

  • Home and business Wi-Fi networks are vulnerable
    The majority of home computer networks are wireless and configured by non-technical people. Recognizing that this could lead to security weaknesses, the Wi-Fi Alliance developed the Wi-Fi Protected Setup Protocol (WPS) in 2007 to allow easy security configuration; and the majority of wireless router manufacturers have built this into their products as a default.
  • TSA probed for wireless security lapses
    The Department of Homeland Security’s Inspector General (IG) recently conducted an audit of the Transportation Security Administration (TSA), concluding that there were “high-risk vulnerabilities involving patch and configuration controls” for its wireless servers and routers.
  • Fortify cautions on new WiFi security threat
    The WiFi Alliance is putting the finishing touches to a peer-to-peer version of its popular WiFi standards. Known as WiFi Direct, the proposed standard allows WiFI devices to link directly to each other, without the need for a router or access point, something which poses a potentially serious security threat to companies with WiFi networks, according to Fortify.
  • Cross-site scripting (XSS) security problem hits broadband routers
    The problem of cross-site scripting (XSS) security flaws - which have affected hundreds of websites this year - has spread to broadband routers, as a security researcher claims that the Thomson wireless box III supplied by O2 leaves internet users "wide open" to the issue.
  • Trend Micro moves IT security onto routers
    Trend Micro, which claims to be the 'number three' IT security software vendor worldwide, has unveiled a new family of applications designed to run on networking routers, rather than computers.

Top 5 Stories


Researcher finds five security holes in Linksys home routers

11 April 2013

Last year, independent security researcher Phil Purviance demonstrated a vulnerability in a WRT54GL router that would allow a hacker to design an internet worm that targeted them and turned the routers into a powerful botnet that is able to monitor traffic across all types of networks.

He informed then-Linksys owner Cisco of the issue, and while Linksys has published a patch to the router, “as the change log indicates, the patch only addressed an unrelated XSS issue,” Purviance said in a blog post. “The latest firmware version 4.30.16 (build 4) remains vulnerable to the attack, dubbed Cross-Site File Upload (CSFU).”

Purviance also decided to look beyond that router to see if he could turn up any additional issues. “During my research process, I thought it would be good to take a look at how Cisco's newer devices did in regards to securing their administration features,” said Purviance. “I chose the Linksys EA2700 Network Manager N600 Wi-Fi Wireless-N Router because it is a major brand device, and was recently released in March 2012, making it an easy choice for home users looking for an easy to use home Wi-Fi router.”

He added, “What I found was so terrible, awful, and completely inexcusable! It only took 30 minutes to come to the conclusion that any network with an EA2700 router on it is an insecure network!” He said that after hooking it up, he spent about 30 minutes testing the security of the embedded website used to manage the device, then never used it again after discovering five major vulnerabilities in the device.

In addition to the aforementioned Linksys WRT54GL firmware upload CSRF vulnerability, there’s also a Linksys EA2700 cross-site scripting vulnerability that can be used to steal access to the device, change settings or assist in uploading backdoored firmware. A Linksys EA2700 file path traversal vulnerability allows users to get the router’s password file or other configuration files easily, and without ever logging in. “This vulnerability tells me that this routers software was never given a security pen-test because it is just too easy,” said Purviance.

Also, on a Linksys EA2700 router, he discovered that anybody on the same network can change the router's password and enable remote management, allowing access the network from the internet. It's also possible for a remote attacker on the internet to design a malicious website that would exploit the same vulnerabilities without actually being on the home network.

“This is just STUPID,” wrote Purviance. “I don't know whether to laugh or cry at this because it's essentially the same as putting an unpatched Windows machine directly on the Internet. This is just so sad that I really don't know what else to say about this. *mindblown.gif*”

Finally, he discovered that adding a "/" to any URL while browsing through the administrative panel opens up the raw source code of the page. “Feel like hacking the EA2700, but only have a keyboard with one character on it? If that character is a ‘/’ then you are in luck,” he said. “No, I'm not talking the HTML source code, but the actual web application level source code that is used to convert the page to HTML. I wonder how many more vulns you can find by going through the source code of this appliance.”

Purviance said that he sent his findings to Cisco in March. Cisco had no comment for Infosecurity on the issue, but we reached out to Belkin, which took over Linksys last month.

"Linksys is aware of recently cited alleged vulnerabilities on our EA routers," the company said in a statement. "However, last year (on June 26, 2012) new Linksys Smart Wi-Fi firmware was released to EA customers that would eliminate any such alleged vulnerabilities. If customers use methods of setup and configuration other than the methods recommended by Linksys, such as using Web browser setup (, or if customers use older firmware, they could be at risk of potential attacks. Accordingly, all Linksys EA customers are strongly encouraged to upgrade to the new Smart Wi-Fi firmware.”

It added, “We have and will continue to urge our customers to use our recommended methods of setup and configuration, and to change their user names and passwords periodically.”

This article is featured in:
Internet and Network Security  •  Malware and Hardware Security  •  Wireless and Mobile Security


Comment on this article

You must be registered and logged in to leave a comment about this article.

We use cookies to operate this website and to improve its usability. Full details of what cookies are, why we use them and how you can manage them can be found by reading our Privacy & Cookies page. Please note that by using this site you are consenting to the use of cookies. ×