By Brett Glass
ExtremeTech
In a previous ExtremeTech Security Update, we described vulnerabilities in SOHO routers manufactured by Linksys -- including some DSL and wireless products -- that could lead to denial of service attacks and/or a complete takeover of the hardware. Unfortunately, the first round of firmware upgrades offered by Linksys did not completely solve the problems, leaving even those customers who thought they'd plugged the holes open to attacks.
According to an extremely detailed advisory by Core Security Technologies, the model numbers that have unpatched bugs include:
- Linksys BEFW11S4 v2 Firmware v1.42.7 through 1.43.3
- Linksys BEFSR41 / BEFSR11 / BEFSRU31 Firmware v1.42.7 through 1.43.3
- Linksys BEFSR81 Firmware v2.42.7.1
- Linksys BEFN2PS4 Firmware v1.42.7
- Linksys BEFSX41 Firmware v1.43.x
- Linksys BEFVP41 Firmware v1.40.2 and v1.40.3
Linksys is now providing newer versions of the firmware which plug all known holes. To get the latest firmware for your system, go to http://www.linksys.com/download/, select your router's model number, press the button labeled "Downloads for this product," and click "Firmware" on the page that appears.
Some Linksys SOHO products use firmware, or complete designs, licensed from other companies. Unfortunately, no information is available as to whether products sold under other brand names have the same bugs.
Source: ExtremeTech
http://www.extremetech.com/article2/0,3973,746598,
