Skip to main content

Linksys E-Series Command Injection Vulnerabilities

Multiple vulnerabilities have been discovered in Linksys E-Series routers which allow an authenticated attacker to execute arbitrary code on an affected device.
Threat ID:
CC-2735
Category:
Exploit
Threat Severity:
Low
Threat Vector:
Published:
18 October 2018 12:00 AM
Report a cyber attack: call 0300 303 5222 or email [email protected]

This content has been archived

This article no longer conforms to NHS Digital's standards for cyber alerts, and may contain outdated or inaccurate information. Use of this information contained in this page is at your own risk

Summary

Multiple vulnerabilities have been discovered in Linksys E-Series routers which allow an authenticated attacker to execute arbitrary code on an affected device.

Threat details

The vulnerabilities lie in the routers' operating system, which can be exploited if a crafted HTTP request is sent to the network configuration. This can be achieved via command injection utilising the Router Name and Domain Name input fields in the routers' control panel.

Parameters that indicate a persistent configuration change are not filtered properly, and are therefore stored in the routers' non-volatile memory. A proof of concept has been published that exploits this to open a backdoor to a vulnerable device.

For further information:

Remediation steps

Type Step
Users and administrators are encouraged to obtain updated firmware from the Linksys support website. The firmware release notes can be checked to verify that the update addresses TALOS-2018-0625. At the time of publication it remains unclear whether updates have been released for all affected devices.

Last edited: 17 February 2020 12:47 pm