Before you ask, yes, we did just get finished telling you about a recent report that exposed vulnerabilities in up to thirteen popular routers. Wouldn’t you know it? Right after publishing that post, we found another story about a popular router with gaping vulnerabilities.
In this case, Ars Technica is reporting on a major bug in the “classic firmware” for the Linksys EA2700 Network Manager. According to the article, the browser-based administration panel has a cross-site request forgery (CSRF) weakness which, as we covered in our last post, lets a malicious website send unauthorized commands through the browser of a user the panel trusts. Combine that with the fact that routers such as the EA2700 don’t require the current password to be entered when the password is changed, and voilà! All a hacker need do is lure you to a malicious website and your router is primed for exploitation.
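To show what the two missing checks look like on the server side, here is an added example (not code from Linksys or from the Ars Technica article) of a password-change handler modelled with and without them. The handler names, the `AdminSession` class, the panel address and the sample request are all assumptions constructed for illustration.

```python
import hashlib
import hmac
import secrets

ADMIN_ORIGIN = "http://192.168.1.1"  # assumed address of the admin panel

def hash_pw(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class AdminSession:
    """Server-side state for one logged-in admin browser session (hypothetical)."""
    def __init__(self, password):
        self.salt = secrets.token_bytes(16)
        self.pw_hash = hash_pw(password, self.salt)
        # Random token the panel embeds in its own forms; other sites cannot read it.
        self.csrf_token = secrets.token_urlsafe(32)

def password_is(session, candidate):
    return hmac.compare_digest(hash_pw(candidate, session.salt), session.pw_hash)

def change_password_weak(session, headers, form):
    """Models both weaknesses: no origin/token check, no current password."""
    session.pw_hash = hash_pw(form["new_password"], session.salt)
    return 200

def change_password_hardened(session, headers, form):
    # 1. The request must originate from the panel's own pages.
    if headers.get("Origin") != ADMIN_ORIGIN:
        return 403
    # 2. It must carry the per-session anti-CSRF token (constant-time compare).
    sent = form.get("csrf_token", "").encode()
    if not hmac.compare_digest(sent, session.csrf_token.encode()):
        return 403
    # 3. The caller must prove knowledge of the current password.
    if not password_is(session, form.get("current_password", "")):
        return 403
    session.pw_hash = hash_pw(form["new_password"], session.salt)
    return 200

# Constructed request as a browser would send it from an unrelated site:
# the session rides along, but there is no token and no current password.
CROSS_SITE = ({"Origin": "http://unrelated-site.example"}, {"new_password": "changed"})

if __name__ == "__main__":
    s = AdminSession("original")
    print("hardened:", change_password_hardened(s, *CROSS_SITE))
    print("weak:    ", change_password_weak(s, *CROSS_SITE))
```

Any one of the three checks stops the cross-site request; requiring the current password also limits the damage if the token check is ever bypassed.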
Sadly, the EA2700 cannot be upgraded to open-source firmware like DD-WRT, Tomato, or OpenWRT because of its Marvell chipset. These sorts of firmware issues don’t arise when you’re dealing with a router flashed with advanced open-source firmware like DD-WRT or Tomato. Aside from making your wireless network infinitely more functional and fast, the security provided by a Tomato or DD-WRT router is all you need to ensure that your online presence is fully protected. Protect your neck (or network. Sorry… listening to Wu-Tang)!