Linksys Wireless Router Full of Flaws, Researcher Says

Linksys is taking heat for several vulnerabilities discovered in one of its wireless routers, which an expert said make any network hooked up to the router insecure.

The flaws, which run the gamut from simple to complex, specifically affect the Linksys EA2700 Network Manager N600 Wireless-N router, introduced last year and aimed at the everyday consumer and small-business markets.

San Jose, Calif., researcher Phil Purviance said it only took him half an hour to determine that the router was simply not safe to use.

“What I found was so terrible, awful and completely inexcusable,” Purviance said in a blog posting. “It only took 30 minutes to come to the conclusion that any network with an EA2700 router on it is an insecure network!”

Digital Swiss cheese?

Purviance discovered the flaws while preparing to demonstrate how a malware worm could target a networked device.

“I thought it would be good to take a look at how Cisco’s newer devices did in regards to securing their administration features,” he said.

(Enterprise networking-hardware maker Cisco acquired the consumer-device maker Linksys in 2003, but after 10 years sold Linksys to rival consumer-device maker Belkin, in a transaction completed March 15.)

Upon examination of the router, Purviance found a cross-site-scripting flaw that would allow an attacker access, even without the proper authentication.

Another flaw could allow hackers to remotely change a router’s password and access other configuration controls. That weakness, Purviance said, was evidence that the router’s software never underwent a proper penetration test.

Another flaw, Purviance found, could be used in conjunction with a Web-hosted exploit to open the administrative controls and change the user’s password to the generic “password,” which hackers could then change later, effectively locking out the owner.

“This is just stupid,” Purviance wrote. “I don’t know whether to laugh or cry at this, because it’s essentially the same as putting an unpatched Windows machine directly on the Internet.”

Finally, Purviance found that adding a “/” character to any URL while browsing through the router’s administrative controls would reveal the page’s “Web-application-level source code that is used to convert the page to HTML.”

Purviance disclosed the flaws to the public “so that consumers may be aware of the risk.”

He said he had disclosed his findings to Cisco on March 5, before the sale of Linksys to Belkin was completed.

An email message seeking comment from Linksys was not immediately returned.

Not just this router

As of this writing, no security patches have been issued to address these vulnerabilities. Users operating a network on a Linksys EA2700 Network Manager N600 router may be vulnerable to attack.

As hacking becomes more lucrative and more sophisticated, researchers and cybercriminals alike are increasingly looking for flaws in networked devices not traditionally targeted by hackers.

In January, Boston network-security firm Rapid7 disclosed a flaw in a common networking protocol that affected tens of millions of devices, including consumer and small-business wireless routers made by Linksys, Belkin, Netgear, Siemens and Sony.

IT teams often overlook smaller devices such as modems and routers when taking stock of their network’s security, but those devices can be effective entry points for hackers looking to gain unauthorized access.

No matter which wireless router you use, make sure you enable WPA encryption on your Wi-Fi network and force users to input a strong password before gaining access. (The older WEP encryption standard is no longer considered safe.)

Make sure to change the router’s default administrative password, and use a strong password to protect those settings as well.

This story was provided by TechNewsDaily.
