[SingCERT] Alert on Linksys E Series Routers Vulnerabilities (CVE-2018-3953, CVE-2018-3954, and CVE-2018-3955)

Published on Thursday, 18 October 2018 11:05

Background

Linksys E Series is a line of routers designed for small businesses and home offices. The routers are designed to connect home computers, internet-ready TVs, game consoles, smartphones and other devices to the Wi-Fi network. Three vulnerabilities (CVE-2018-3953, CVE-2018-3954, and CVE-2018-3955) were discovered in the Linksys E Series line of routers. Successful exploitation of these vulnerabilities via specially crafted requests to the network configuration could allow attackers to perform arbitrary code execution.

Affected Systems

Linksys E Series line of routers with various firmware versions, such as Linksys E1200 Firmware Version 2.0.09 and Linksys E2500 Firmware Version 3.0.04.

Impact

Attackers must be authenticated to the device to exploit these vulnerabilities, which they do by sending an authenticated HTTP request to the network configuration. Successful exploitation could allow attackers to execute arbitrary code on the device, which in turn enables them to take control of it and perform malicious activities such as unauthorised installation of malicious code.

Recommendations

Users are advised to update the firmware of the affected devices to the latest version released by the manufacturer.

Users can follow the steps below to update their firmware:

  • Visit the Linksys Support site at https://www.linksys.com/sg/support/
  • Enter the model number of the router and click on the router icon
  • Click on the "DOWNLOADS/FIRMWARE" button
  • Select the latest version and update your router

References

https://www.talosintelligence.com/reports/TALOS-2018-0625

https://blog.talosintelligence.com/2018/10/vulnerability-spotlight-linksys-eseries.html

https://blogs.cisco.com/security/talos/vulnerability-spotlight-linksys-eseries-multiple-os-command-injection-vulnerabilities