If you use a Linksys router, you need to drop everything now and upgrade it

If you own a Linksys WRT54GL or EA2700 router, both devices have serious security vulnerabilities. Serious enough that the only way to continue using them safely is to load an alternative firmware such as DD-WRT on them. That’s not entirely a bad thing; DD-WRT is more capable, and unlike most consumer-oriented firmware, allows you to disable WPS.

The EA2700, in particular, is so trivially easy to hack it’s laughable–all it takes is entering a predictable URL into a web browser. That’s it.

Given the lack of quality assurance that clearly went into the EA2700, I would be suspicious of all Linksys devices. Not all of them are necessarily as bad as the EA2700, but considering the WRT54GL dates back a decade and has at least one unresolved issue, it logically follows that other devices from the same manufacturer also have hidden problems.

The problem with this is that the whole idea of a consumer router is for it to be stronger than the computers that are behind it, so it can protect the computers on its network from the hostile Internet. Calling these devices equal to an unpatched Windows computer is, if anything, an understatement. In four years of presenting analysis of Windows patches to a change control board, I never saw a Windows vulnerability that let someone steal a password file or reset a configuration by punching a URL into a web browser.

Someone with rudimentary shell scripting ability could scan entire network ranges for vulnerable Linksys routers and reset their configurations, then use them to pivot onto the computers behind them. And since the Internet connection would probably continue to work, the owner of the compromised router probably wouldn’t notice for months, if ever.

There’s some disagreement over whether installing DD-WRT fixes a hacked router. Given the limited capability of these boxes, I think you’re probably OK, but if you’re paranoid and want to be really safe, you may be better off just replacing it with a similar Netgear or Asus model. Theoretically someone could sabotage the web interface to make it re-infect a DD-WRT image as you write it to the device, but given the cramped quarters in these devices, I think it’s a nicer theory than practice.

If you found this post informative or helpful, please share it!