Linksys Router Flaws Exposed, Poc Published, Patch Unavailable!
Cybersecurity researchers have recently disclosed two significant security vulnerabilities in the Linksys E5600 router, both of which could allow attackers to perform command injections. These findings, identified by the CoreSecurity OT/ICS Research Team, are particularly concerning as they affect routers operating on Firmware Version 1.1.0.26, for which no patches are currently available.
Understanding the Vulnerabilities
The vulnerabilities, cataloged as CVE-2024-33788 and CVE-2024-33789, both involve command injection exploits that can be triggered due to insufficient input validation mechanisms within the router’s firmware.
CVE-2024-33788: Wi-Fi Protected Setup Flaw
The first vulnerability, CVE-2024-33788, arises in the Wi-Fi Protect Config setting of the router. When a user registers a device using a PIN number, the input is not adequately filtered, allowing for command injection. The specific flaw is located in the router’s Lua script at squashfs-root/usr/share/lua/runtime.lua:1561 where the pt[”PinCode”] value is processed.
Malicious actors can exploit this by injecting commands that the router’s operating system will execute.
CVE-2024-33789: Diagnostics Trouble
The second vulnerability, CVE-2024-33789, is found within the router’s Diagnostics menu, particularly in the ping test function. Here, the input for IP or URL addresses is not properly sanitized, leading to potential command injections. This issue stems from the same Lua script, but at a different point (squashfs-root/usr/share/lua/runtime.lua:491).
The pt[”ipurl”] field, when manipulated with malicious input, could cause unauthorized command execution, allowing attackers to potentially take control of the device.
Implications of These Flaws
Both vulnerabilities expose users to significant risks, as attackers can leverage these flaws to execute arbitrary commands on the routers. This could lead to unauthorized access to the network, data theft, or even further spread of malware within connected systems. The nature of these vulnerabilities makes them extremely critical, especially in environments where routers like the Linksys E5600 are deployed in large numbers or in sensitive contexts.
The Worrying Factor:
These vulnerabilities are reported to affect Linksys E5600 routers running firmware version 1.1.0.26. Critically, no official patches are currently available. This lack of a security update puts numerous devices at continued risk of exploitation. Additionally, the publication of proof-of-concept code [1, 2] by CoreSecurity means malicious actors now have a blueprint for potential attacks.
What You Can Do to Protect Yourself
- Check Your Firmware: Verify the firmware version installed on your Linksys E5600 router. If it’s the susceptible version, take measures to minimize the risk.
- Disable WPS if Possible: While convenient, Wi-Fi Protected Setup has known weaknesses. If it’s not essential for your setup, disable WPS on your router.
- Be Very Careful with Diagnostics: Avoid using the ping test tool from the router’s interface unless necessary. If you do, input only known and trusted IP addresses or websites.
- Monitor for Updates: Keep a close eye on Linksys support channels for any news of an official firmware patch. Once an update becomes available, apply it immediately.
- Consider a Replacement: If your router is a few years old, it may be time to consider an upgrade to a more modern and actively supported model with stronger security features.