Tag Archives: Linksys Vulnerability

How to Protect Your Home Network from VPNFilter Malware

Last week, Cisco Talos revealed a dangerous malware known as VPNFilter.

VPNFilter is a malware bug originally from Russia. It may be possible VPNFilter is connected to the Russian government. The majority of reported VPNFilter attacks are coming from Ukraine. Furthermore, this bug is not limited to Eastern Europe. VPNFilter has infected at least 500,000 devices in at least 54 countries.

This is a particularly dangerous bug. VPNFilter can delete itself and render infected routers inoperable. Additionally, VPNFilter may be used to incorporate infected routers into a botnet to be used in a Distributed-Denial-of-Service attack.

Routers Targeted by VPNFilter (Updated 6/7/2018)

Is your router one of the affected devices? Here is the list of routers targeted by VPNFilter:

Asus Devices

  • RT-AC66U
  • RT-N10
  • RT-N10E
  • RT-N10U
  • RT-N56U
  • RT-N66U

Netgear Devices

  • R6400
  • R7000
  • R8000
  • WNR1000
  • WNR2000
  • WNR4000
  • WNDR3700
  • WNDR4000
  • WNDR4300
  • WNDR4300-TN
  • UTM50
  • DG834
  • DGN1000
  • DGN2200
  • DGN3500
  • FVS318N
  • MBRN3000

Linksys Devices

  • E1200
  • E2500
  • E3000
  • E3200
  • E4200
  • RV082
  • WRVS4400N

D-Link Devices

  • DES-120-08P
  • DIR-300
  • DIR-300A
  • DSR-250N
  • DSR-500N
  • DSR-1000
  • DSR-1000N

Protect Your Home Network from VPNFilter

If you own any of the routers on the above list, it is recommended you take several steps in order to ensure the safety of your home network.

  1. Update Your Router Firmware: Go to your router’s admin page and open the Advanced or Management section to check for firmware updates. Furthermore, Open Source DD-WRT and Tomato firmware can be used to replace your router’s buggy default firmware, along with any other issues it may contain. If the device you own is Open Source compatible, FlashRouters can upgrade the firmware for you. Find out if we support your router with our Support Plans.
  2. Perform a Factory Reset: Holding your router’s reset button for five to ten seconds will reboot the router. This will return the router to default settings and potentially clear the device of VPNFilter.
  3. Change Your Router Password: This is a simple step, but a necessary one if your device has been hacked. Changing your password will prevent access to your router from any hacker who has the previous login key.
  4. Turn off Remote Administration: Check your router’s firmware to make sure you have Remote Administration turned off. If this is on, hackers will be able to access your device more readily.

Protecting Your Network with a VPN FlashRouter

Using an Open-Source FlashRouter equipped with a Virtual Private Network is recommended for protecting your network from any outside intrusion.

A FlashRouter, like the above pictured R7000 Netgear Nighthawk DD-WRT, can be used to secure your entire home network. Moreover, it is not only the Open Source firmware that will protect your device from factory flaws.

Using a Virtual Private Network will allow you to encrypt your entire network by tunneling all of your traffic through a VPN server. Many devices, such as Smart TVs and game consoles, can only go through a VPN if they are on a VPN router. Furthermore, you will appear as if you are in the location of the VPN server according to outside traffic.

Taking advantage of a VPN router is a great first step towards building a hacker-free network.

Preventing The New Linksys Firmware DDoS Vulnerability

Here we go again. Unfortunately, with stock router firmware, vulnerabilities are nothing new. Netgear routers were recently affected by a bug in their firmware. Additionally, D-Link was affected by a vulnerability which was patched in Spring of last year. Previously, Asus was in legal trouble with the FTC for known security flaws in their firmware.

Linksys experiences bugs as well. Security researchers at IOActive have identified several vulnerabilities in Linksys router firmware. These vulnerabilities allow hackers to bypass authentication and perform denial of service (DDoS) attacks.

The good news? Linksys is working on a fix for the vulnerabilities. The bad news? This issue affects more than two dozen models of Linksys wireless routers in the WRT and EA series. You can see the full list of in-danger models here:

From the WRT series: WRT1200AC, WRT1900AC, WRT1900ACS, WRT3200ACM

From the EA series: EA2700, EA2750, EA3500, EA4500 v3, EA6100, EA6200, EA6300, EA6350 v2, EA6350 v3, EA6400, EA6500, EA6700, EA6900, EA7300, EA7400, EA7500, EA8300, EA8500, EA9200, EA9400, EA9500

How To Protect Yourself From Linksys Firmware Vulnerabilities

We recommend a FlashRouter with open source DD-WRT firmware. Flashing a router with open-source firmware completely replaces the stock Linksys firmware (and its security flaws) normally found on these models. Furthermore, this makes the router more stable and more secure by allowing for an array of benefits including advanced security features.

The most popular Linksys model we offer is the Linksys WRT1900ACS DD-WRT router. It has a 1.6 GHz Marvell processor and 4 external antennas. This makes it a fantastic balance of range and power.

Need a bit more power? There’s also the Linksys WRT3200ACM DD-WRT. It also has 4 external antennas but has a 1.8 GHz processor. What does the “M” in “ACM” stand for? The “M” stands for MU-MIMO. MU-MIMO allows the router to communicate with multiple devices simultaneously. This increases the speed of the WiFi network by limiting interference between devices.

Already Own A Linksys Router?

Additionally, if you already own a Linksys model that we support, we can flash it remotely with DD-WRT firmware through our remote support plans. After purchasing a support plan, simply email our support team to set up a remote TeamViewer session and they will remotely flash your router with DD-WRT firmware.

Have Any Additional Questions?

Reach out to our friendly and helpful sales staff and we’ll be happy to answer any questions you may have and provide whatever expertise you need to find the best solution for you.

Firmware Flaws News Roundup From FlashRouters

Typically, at FlashRouters, we like to do the occasional hacking/cyber security news roundup when a big collection of stories has accumulated. Sometimes that takes a while, but sadly, there have been so many stories just devoted to the sub-topic of failing firmwares and firmware flaws that we’ve been able to make a whole new roundup on that alone.

It’s truly unfortunate that stock firmwares are so consistently failing users in terms of maintaining their online security. It’s a major issue, and we at FlashRouters are doing what we can to combat the problem by offering routers, like the new Linksys WRT1900AC DD-WRT pictured below, flashed with DD-WRT and Tomato: open-source replacement firmwares that not only eliminate these glaring issues, but add a whole new level of functionality and versatility to your wireless network.

Linksys WRT1900AC DD-WRT

Check out some of the year’s top DD-WRT routers and some of our recent best-sellers if you’d like to get a better sense why a FlashRouter is just what you need to keep your online data safe. And if you’re still not convinced, the firmware flaws on display in the news stories below ought to do the trick.

Router Firmware Flaws & News

Major Attack on Cisco Routers – SYNful Knock is the clunky but ominous name of the major vulnerability discovered in Cisco routers by the security research firm FireEye. Apparently, SYNful Knock allows hackers to take over enterprise-grade routers, which puts all devices on the network at risk of infection. Click the link to find out if your router is among the infected models.

A Serious Vulnerability in Certain Netgear Routers – Several thousand Netgear routers feature a vulnerability that could allow a hacker to redirect your web browser to a website featuring malware. Netgear has released a firmware update that addresses the issue, so if you have a router on the list of the potentially affected, we recommend downloading that update and fast.

ZHONE Routers Vulnerable to Zero-Day Exploit – ZHONE routers used by some of the top companies around the world feature a vulnerability that makes them susceptible to remote hijacking. In fact, seven (!) vulnerabilities were found on these routers which, incidentally, are the router of choice for a Singaporean ISP. The ISP has issued patches for these vulnerabilities, but it’s questionable that your average ISP-user has the know-how to take advantage of the patches.

Good Luck Out There, Owners of Older Huawei 3G Routers – If you own one of a dozen models of Huawei 3G routers, we hope you don’t mind having your DNS settings changed, or being redirected to a site with malware. Major vulnerabilities have been detected in these routers, but Huawei have determined that these routers are outside of their support cycle, and therefore they have no intention of doing anything about the issue. So again, good luck out there.

Linksys WRT1900ACS Is Ready for Open Source Tinkering – Okay, we admit there’s no bad news on this one. We’re just excited about an updated version of a beloved router that is now capable of supporting open-source firmware. Got to have some good news in there to break up the drudgery.

Keep up with all of the latest cyber security news by following us on Twitter and liking us on Facebook

Router Hacking News Roundup

One of our primary goals at FlashRouters is to provide our customers with the most secure wireless devices that money can buy. In an age where invasive governments and cybercriminals are only becoming more and more bold, we consider it a sacred duty.

And we’re going to keep on keeping on with that aforementioned goal as a guiding principle, especially considering that there seems to be disturbing news about router hacking every other week. In fact, we’ve collected some of the most recent stories, just to give you an idea of the sort of vulnerabilities that exist out there.

But before we get to that, we insist on reminding you that with the right FlashRouter and the right VPN service provider on your side, you can avoid losing sleep about the security of your banking information, e-mails, and other sensitive online data. In fact, we have a whole best-sellers list full of terrific choices for the more conscientious online denizen.

Anyway, onto the news…

Router Hacking News

Router DNS Attack Brings Pornography and Game Ads to Popular Websites – Let’s start by looking at a router attack that is particularly mischievous. Hackers have figured out a way to confuse routers into sending incorrect DNS results. Many websites use Google Analytics, and this hack basically bypasses Google Analytics and sends faulty code instead, the result of which is pornography and game ads popping up on your screen that seem to originate from popular websites, but are instead coming from a hacked router.

Routers Provided By ISPs Vulnerable to Hacks – Don’t assume a router provided by your Internet Service Provider is necessarily safe; in fact, more than 700,000 of the ADSL routers ISPs provide are not. A “directory traversal” flaw in a firmware component called webproc.cgi that exists in these routers allows would-be hackers to find your administrative credentials. Suffice to say, at that point, the router and your network are no longer within your control.

Common Hotel Routers Supremely Hackable – We’re going to get deeper into this one in an upcoming post, but the invaluable security firm Cylance has discovered a flaw in routers used by 8 of the 10 biggest hotel chains in the world. In addition to allowing attackers to download malware to your devices, this flaw gives potential attackers access to your data transmissions, and even the hotel’s keycard and reservation system. Sadly, security experts are pretty certain that most hotels will do little to correct this issue.

12 Million Home and Business Routers Vulnerable to Critical Hijacking Hack – While we’re on the subject of routers that are both common and problematic, here’s a bug, humorously dubbed “Misfortune Cookie”, that has shown up in devices from companies like Linksys, D-Link, Edimax, Huawei, TP-Link, ZTE, and ZyXEL. The issue is in the “RomPager” software, and apparently could allow hackers to gain administrative control and mess with the device’s memory.

Feds Warn Airlines to Watch Out for Passengers Hacking Jets – And for our final story in this section, we figured we ought to go ahead and scare the daylights out of you. Terrifyingly, the FBI and the TSA have issued a warning to airlines, asking them to be on the lookout for anyone who might be trying to hack an airplane’s wireless network, and thus commandeer, say, the plane’s navigation system. Reassuringly, the FBI and the TSA claim that these threats are merely theoretical, and as of yet, they have no information that suggests a hacker could actually pull this off.

And Now (Because You’ve Earned It) the Lighter Side of Router News

The Star Trek Router (photo from Gizmodo)

Some Guys Decked Out Their Router Like The USS Enterprise (And You Can Too) – A couple of enterprising (forgive us) fellas have figured out a fairly basic way to have their router integrated into a model of Star Trek’s USS Enterprise. It looks pretty damn cool and not all that hard to arrange for yourself. There. Doesn’t that feel a little better after all of the danger and terror documented in the stories above?

Follow FlashRouters on Facebook and Twitter to keep up with all of the latest online security news. 

The Linksys Fix: How to Avoid the Linksys Zero Day Firmware Exploit

These models are discontinued. For other DD-WRT models, please check out our DD-WRT Routers Page.

According to a wide array of reports, a Zero Day exploit has been found for Cisco Linksys Routers that use default Cisco firmware. What does that mean in plain English?

For all of you out there using any Cisco Linksys router (of which there are over 70 million in circulation), you should know that DefenseCode, an information security consultancy and vulnerability research company, has recently discovered the flaw, disclosed the issue to Cisco and will soon release the exploit to the general public. This is done to pressure companies to act swiftly and proactively to prevent security holes.

The Register UK reports:

According to Help-Net Security, it took DefenseCode just 12 days to develop the exploit. The company says it contacted Cisco, Linksys’s owner, “months ago”.

The vulnerability affects all versions of Linksys firmware up to and including the current version, 4.30.14. DefenseCode intends to release a full description of the vulnerability within two weeks.

Cisco has made the following statement to The Register: “Linksys takes the security of our products and customers’ home networks very seriously. Although we can confirm contact with DefenseCode, we have no new vulnerability information to share with customers – for our WRT54GL or other home routers. We will continue to review new information that comes to light and will provide customer updates as appropriate.”

If you would like to see the Zero Day exploit in action, DefenseCode has posted a YouTube video of it, although it is primarily just a command line interface with some music behind it that will likely mean little to the average consumer.

This Linksys Zero Day exploit exposes anyone who owns or uses any Cisco Linksys device with default firmware ranging from the old-school Linksys WRT54G to the Linksys E4200. If this hack is released to the general public and users do not upgrade their hardware, Linksys router owners will instantly become susceptible to the nefarious whims of any random person with a bit of networking know-how who wants to gain access to their network.

It is likely that, even if a fix arrives, most users will not even know that this is an issue and this bug will linger on users’ systems for years. How scary is that?

We here at FlashRouters feel this is an emergency issue in need of immediate attention and disclosure, so please, SPREAD THE WORD! Keep reading for a few options detailing how your home or small business network can avoid becoming the next victim.

How to Prevent Being a Victim of a Cisco Linksys Zero Day Hack

#1: Wait for a Cisco firmware upgrade and hope for the best

Trust that Linksys will fix this issue before it gets into the hands of hackers, and hope they release firmware to plug the hole. We recommend all Linksys router owners keep an eye on Cisco’s site as they claim to be working on another solution. However, when they were originally contacted, Cisco claimed that their Linksys firmware had already been upgraded and fixed to plug that hole (which was untrue).

#2: Replace the firmware on your router with an open-source solution.

Check if your router is a candidate for a firmware upgrade with DD-WRT, Tomato, OpenWRT, or any of the many other open-source firmware options. You can find a full list of alternative router firmware projects on Wikipedia. (If you are not aware of what firmware is and how it differs from software, you can learn more on our What is Firmware entry.)

The issue with many of these open-source firmware projects is twofold: first, not all routers support a firmware upgrade, so you have to make sure that yours does. Next, you have to upgrade with the proper firmware version.

It is important to note that not every router is supported by every firmware. DD-WRT supports the largest variety of routers with varying degrees of networking functionality and has a searchable, supported router database.

The maze of finding the proper firmware and confirming that it actually works properly once it is flashed can be a bit overwhelming. You can dig and research for hours, and even days, for exactly the right firmware version that functions properly and is stable. It can be a very frustrating process (we know from much experience). The DIY mentality of these projects is laudable, but sometimes the organization of the files to use and how to perform the flash can leave something to be desired for the average user who is unfamiliar with this space.

On top of that, it is also very possible that improper flashing will lead to bricking, meaning it will turn your router into a nonfunctional brick. Please review all flashing procedures before taking this task on yourself, as we cannot be liable if you perform an incorrect flash on your own device. Flashing router firmware on your own is only recommended for intermediate to advanced users who have some knowledge of networking, and a grasp of telnet or the classic command line interface.

#3: Upgrade to a new router with upgraded non-Linksys firmware such as DD-WRT or Tomato.

If your network has been stalling or has not been up to snuff, this serious networking security issue gives you the perfect impetus to upgrade your router in order to fully support all your latest gadgets and devices from the holiday season.

Since this is a very recent issue, going out and just buying a new Linksys router will not be enough as these products were manufactured months, or even years, ago.

Our pre-flashed Cisco Linksys DD-WRT devices (E1000, E1200, E2000, E3000, & the E4200 V1) allow you to allay your fears of the Linksys Zero Day bug and diminish your worries of other security vulnerabilities by replacing the stock firmware with the more powerful DD-WRT equivalent.

A DD-WRT upgrade will replace the vulnerable stock firmware while simultaneously providing your network with advanced functionality/features such as QoS bandwidth management, the ability to overclock your router CPU for additional processing power, integrated HotSpot options, adjustable antenna transmission strength, and integrated VPN options (OpenVPN, PPTP, L2TP). (Read more about advanced DD-WRT features).

For those interested in Tomato, take a look at the high-end Netgear Nighthawk R7000 Tomato device.

Every FlashRouter order includes a free custom home networking configuration guide, a custom setup guide, and networking support including VPN service provider setup. 

Using a FlashRouter can make your network infinitely more stable and easier to customize/tweak for future networking needs, as our desire for improved WiFi and performance fills our daily lives. Make your life easier and watch confusing wireless networking setups become a thing of the past. We can promise the following:

  • An extensively tested version of DD-WRT will be flashed on your router.
  • Personalized Custom Configuration & Setup Guide: A FlashRouter configuration specialist will personally contact you to tailor your new router to your networking plans if you don’t tell us in your Order Comments.
  • Online Tech Support: Our support staff is available to make sure your DD-WRT router and VPN service connection gets up and running. Satisfaction Guaranteed!
  • Free VPN Service Integration: We offer setup guides for just about every VPN service, including: NordVPN, ExpressVPN, IPVanish, PrivateInternetAccess, and many more.
  • Speedy worldwide shipping.

It is sad to say, but it is not in the interest of companies like Cisco to offer many advanced features in their routers, as they prefer that you buy more expensive models in order to get the high-powered features that open source firmwares like DD-WRT offer.

Besides their lackluster firmware offerings, they owe it to their customers to publicize this issue or risk a huge backlash from the average user who might stumble upon this information too late, like, for instance, after they are hacked and their network becomes a haven for possible criminal activity without their knowledge because they trusted that Cisco had their back.

Be diligent, be aware, and be safe, because your online security is not something to take lightly. If it only took DefenseCode 12 days to find this hack, who knows how long it will be until someone finds the next Zero Day flaw in Cisco or another router manufacturer’s buggy & lackluster firmware? Maybe they already have…

Want more InfoSec updates, security flaw information, and the latest in open-source firmware/DD-WRT and privacy news? Follow us on Twitter (@flashrouters) or like us on Facebook.