Popular Linksys Router Vulnerable to Attack!

[JackMDS]

Just stumbled upon:

The Linksys Group Inc.'s BEFSR41 EtherFast Cable/DSL Router with 4-Port Switch is vulnerable to a remote DoS attack that requires the attacker to do nothing more than access a specific script on the router's remote management interface. The vulnerability affects all of the routers with firmware versions earlier than 1.42.7.

Quote from:http://www.eweek.com/article2/0,3959,663829,00.asp

 

[Jeff7]

Is there an option to simply disable remote management? I have a Dlink 701 gateway, and it has a simple checkbox to toggle remote access, and it's password protected.

 

[minendo]

Originally posted by: Jeff7
Is there an option to simply disable remote management? I have a Dlink 701 gateway, and it has a simple checkbox to toggle remote access, and it's password protected.

Yes it is found towards teh bottom of this page in the router's setup utility. Although, I do recommend that all uses of the Linksys router update their firmware to v. 1.3. Just download it from here and install it. The installation process took less then 10s and supposedly fixes the DoS attack vulnerability.

 

[mboy]

Remote management is disabled by default I believe. If you have new firmware or disable remote management, you are fine.

 

[Santa]

To reiterate.. and let others who may of missed this the first time..

More news web sites are starting to post this vulnerbilities and I can imagine it is only a matter of time before some seriously simple utilities for finding and crashing these routers pop up.

Update your firmwares and disable your remote managment now!

http://www.pcworld.com/news/article/0,aid,106632,tk,dn110402X,00.asp