A serious flaw in the Linksys routers could allow an attacker to seize root privileges on the device, according to a blog post by pen-tester specialist DefenseCode.
As shown in a video, successful exploitation of a Cisco Linksys WRT54GL model gives the attacker root access on the locally installed Linux-based firmware. DefenseCode claims the vulnerability resides in the latest Linksys firmware (4.30.14), but older versions are also vulnerable.
â€œMonths ago, we’ve contacted Cisco about a remote preauth (root access) vulnerability in default installation of their Linksys routers that we’ve discovered,â€ the team wrote. â€œThey said that this vulnerability was already fixed in latest firmware release…Well, not this particular vulnerability, since the latest official Linksys firmware – 4.30.14, and all previous versions are still vulnerable.â€
Once logged into the router with root provileges, an attacker can do nearly anything, including snoop on network traffic as it passes from LAN to WAN, discover the network topology or, even more, change the DNS settings to redirect websites that the user trusts to phishing pages.
At the moment, DefenseCode estimates more than 70,000,000 routers are in circulation, routers that can be attacked and transformed into zombies. Moreover, as Cisco did not respond to the bug report yet, the full proof of concept will be fully disclosed, allowing nearly anyone to take these routers for â€œa spin.â€
To avoid trouble, block access to your WAN interface from the Internet. For more details about securing the router and your local network, check the guide on securing the wireless network.