Stories
Slash Boxes
Comments

SoylentNews is people

Three Months on, No Linksys Router Patches for Remote Holes

posted by Fnord666 on Tuesday April 25 2017, @10:24PM   Printer-friendly
from the no-consequences- dept.

MrPlow writes:

Submitted via IRC for TheMightyBuzzard

More than three months after being informed about remotely exploitable vulnerabilities in 25 router models, Linksys is[sic] yet to issue patches to remedy them.

Researchers at IOActive Labs wrote that they had informed Linksys of 10 flaws on 17 January, six of which could be remotely exploited by unauthenticated people.

But as of last week, all that Linksys had done was to notify users through a public post and suggest workarounds until patched firmware was ready.

Given Linksys' inactivity, the IOActive Labs researchers said they were holding off on providing the full technical details of the flaws until patched firmware was ready for download.

Shit, even we can manage a fix in six months...

Source: http://www.itwire.com/security/77772-three-months-on,-no-linksys-router-patches-for-remote-holes.html

Original Submission

 
This discussion has been archived. No new comments can be posted.
Three Months on, No Linksys Router Patches for Remote Holes | Log In/Create an Account | Top | 32 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 2) by kaszz on Wednesday April 26 2017, @01:07PM (1 child)

    by kaszz (4211) on Wednesday April 26 2017, @01:07PM (#499988) Journal

    The vulnerable models are:

    WRT Series: WRT1200AC, WRT1900AC, WRT1900ACS and WRT3200ACM.
    EAxxxx Series: EA2700, EA2750, EA3500, EA4500 v3, EA6100, EA6200, EA6300, EA6350 v2, EA6350 v3, EA6400, EA6500, EA6700, EA6900, EA7300, EA7400, EA7500, EA8300, EA8500, EA9200, EA9400 and EA9500.

    But now I found this little interesting bit! "Linksys, formerly a division of Cisco and now owned by Belkin".
    And we DO know the standing of Belkin [wikipedia.org] since their sneaky man-in-the-middle http hijacking for spam in 2003. Time to steam roll them!

    Seems the specific vulnerability is related to the www server and some other TCP service.

    Starting Score:    1  point
    Karma-Bonus Modifier   +1  
    Total Score:   2  

  • (Score: 0) by Anonymous Coward on Tuesday May 02 2017, @06:54PM

    by Anonymous Coward on Tuesday May 02 2017, @06:54PM (#503040)

    https://forum.lede-project.org/t/autobuilt-images-for-wrt1200ac-wrt1900acv1-wrt1900acv2-wrt1900acs-wrt3200acm/3330/16 [lede-project.org] LEDE community automatic builds for this line of routers, wrt1200ac v2 is the best router for the money at 75 bux imo, if you want the best consumer router atm I'd go with the netgear r7800 with lede but that's $200.