Linksys-routers Vulnerable due to multiple cgi-scripts
Linksys routers ranging from model EA6100 up-to EA6300 are Vulnerable and exploitable due to multiple cgi-scripts. The scripts can be used by an unauthorized attacker, which can get them access to the master password of the device.
Linksys' EA6100-6300 wireless routers will need a patch reports the register: KoreLogic has published an advisory saying that CGI scripts in the admin interface open the device up to remote attackers. Since it's a consumer product the risk is high that most of the devices out there never would be patched. The bad scripts include the bootloader, sysinfo.cgi, ezwifi_cfg.cgi, qos_info.cgi and others.
The disclosure is attributed to Matt Bergin of KoreLogic. His proof-of-concept code provided with the advisory includes testing the target device to see if its admin password remains set to default. At the time of writing, Linksys has not published a fix, so it's at the very least recommended to shut down remote admin access to any devices you're in contact with.
Senior Member
Posts: 1331
Joined: 2004-07-10
Not sure if I can really recommend TP-Link. Bought one last year; dual band model, worked fine for about 3 months and then it just went dead. Wasted $70. Switched to Linksys and has not caused any major issues for well over a year now. Although it does drop the connection every now and then but doesn't happen often. Compared to a Netgear one I had, that one was garbage.