Linksys Wireless Router Full of Flaws, Researcher Says

A security expert has warned, that the Linksys EA2700 router can expose users to a variety of exploits that allow remote attackers to take full control of the device. According to Phil Purviance, an information security specialist at AppSec Consulting, the most severe of the vulnerabilities in the "classic firmware" for the Linksys EA2700 Network Manager is a cross-site request forgery weakness in the browser-based administration panel.

"What I found was so terrible, awful and completely inexcusable," Purviance said in a blog posting. "It only took 30 minutes to come to the conclusion that any network with an EA2700 router on it is an insecure network!"

"If you have this router on your network and you browse [a] malicious website, five seconds later your router now has a new password and is available from the Internet," Purviance added. "So [an attacker] can just log into it as if [he] was on your network."

Then, an attacker could do anything a normal administrator could do, including installing a version of the device firmware that contains a backdoor and changing settings to use malicious domain name lookup servers.

A statement issued by officials from Belkin, which recently acquired the Linksys brand, said the vulnerabilities documented by Purviance had been fixed in the Linksys Smart Wi-Fi Firmware that was released in June.

Read more -here-

• Dropbox breach exposes customer credentials, authentication data
• Google: Passkey authentications top 1 billion across 400 million accounts
• FTC fines Razer for misrepresenting COVID masks as N95s
• FCC fines Verizon, AT&T other major carriers nearly $200 million for sharing customer data
• Federal regulators accuse Amazon executives of deleting messages
• FCC restores net neutrality rules