Linksys SEEMS To Be Rolling Out Updated Router Firmware To Stop Routers From Getting Pwned

You might recall that I recently told you about vulnerabilities in numerous Linksys routers that were found by a security researcher and which, if exploited, could end up in the router becoming part of a botnet, among other things. Linksys was apparently working on updated firmware, and it SEEMS that updated firmware is rolling out. I use the word “seems” for reasons that will become clear momentarily.

If I do a search of the Linksys download site for the latest firmware for the EA9500, which is one of the affected models, I see this:

[Screenshot: Capture]

Please note the highlighted section. A new firmware dated May 8th has been posted. I also verified that the previous firmware on this page was from early March of this year. I went to the release notes and saw this:

Firmware version:   1.1.7.180968
Release date:       May 8, 2017

- Update for compliance of the latest CE requirements (European models)
- Resolved intermittent issue of MAC filtering on wireless network not working properly
- Resolved issue of IPv6 incompatibility when prefix is not 64-bit (e.g. British Telecom)
- Resolved issue of DHCP reservation feature not working properly if user changes local network configuration
- Enhanced system stability
- Various security fixes

So it has “various security fixes”, but it isn’t clear if they are the fixes for this issue that was so widely reported. And if you search the Linksys website, there isn’t any additional info. So you have to assume that this is the updated firmware that affected Linksys router owners should install without delay. It would be nice if Linksys could clarify this and reinforce the urgency of installing this new firmware so that they ensure as many owners of their routers as possible get this fix. Plus it would close the loop on this issue.

More info as it comes. I have reached out to Linksys and IOActive (the group that found these issues) for comment.

UPDATE: I got this from Linksys late today (May 18th):

UPDATE #2: The release notes have been modified:

Firmware version:   1.1.7.180968
Release date:       May 8, 2017

- Update for compliance of the latest CE requirements (European models)
- Resolved intermittent issue of MAC filtering on wireless network not working properly
- Resolved issue of IPv6 incompatibility when prefix is not 64-bit (e.g. British Telecom)
- Resolved issue of DHCP reservation feature not working properly if user changes local network configuration
- Enhanced system stability
- Addressed IOActive security issues
- Additional security fix