Overview
Linksys was recently notified of some vulnerabilities in our Linksys Smart Wi-Fi series of routers. As we work towards publishing firmware updates, as a temporary fix, we recommend that customers using Guest Networks on any of the affected products below temporarily disable this feature to avoid any attempts at malicious activity.
Description
IOActive (www.ioactive.com), a global cybersecurity consultancy, responsibly disclosed to Linksys that they had discovered vulnerabilities affecting multiple Linksys routers. The Linksys Security team has been working with IOActive to confirm and resolve all reported issues. We will be releasing firmware updates for all affected devices. In order for your device to receive the update as soon as it is available, please make sure you have automatic updates enabled:
http://www.linksys.com/us/support-article?articleNum=140124#b
Solution
We are working to provide a firmware update for all affected devices. While we are building and testing the fixes we recommend performing the following steps:
1) Enable Automatic Updates. Linksys Smart Wi-Fi devices include a feature to automatically update the firmware when new versions are available.
http://www.linksys.com/us/support-article?articleNum=140124#b
2) Disable WiFi Guest Network if not in use.
http://www.linksys.com/us/support-article?articleNum=140861
3) Change the default Administrator password.
http://www.linksys.com/us/support-article?articleNum=142491
Affected Products
After thoroughly testing each device for the presence of the known vulnerabilities, we’ve identified the following devices.
WRT Series
WRT1200AC
WRT1900AC
WRT1900ACS
WRT3200ACM
EAxxxx Series
EA2700
EA2750
EA3500
EA4500 v3
EA6100
EA6200
EA6300
EA6350 v2
EA6350 v3
EA6400
EA6500
EA6700
EA6900
EA7300
EA7400
EA7500
EA8300
EA8500
EA9200
EA9400
EA9500
Source: http://www.linksys.com/us/support-article?articleNum=246427
