Cisco’s Linksys SMART WiFi EA Series Routers Vulnerable to Password Exposure.
An advisory issued today by Carnegie Mellon’s CERT warned that Cisco’s Linksys SMART WiFi EA series routers have two firmware vulnerabilities that could expose the administrator password, allowing a potential hacker complete freedom over the system.
Carnegie Mellon CERT Advisory
The CERT advisory says that the firmware of all Linksys SMART WiFi EA series routers contains two severe vulnerabilities, CVE-2014-8243 and CVE-2014-8244. It also says that if users do not update the firmware, potential attackers can get hold of your sensitive information and the administrator password as an MD5 hash.
CWE-320: Key Management Errors – CVE-2014-8243
The first vulnerability, CVE-2014-8243, is that an “unauthenticated attacker on the local area network (LAN) can read the router’s .htpassword file by requesting http(s)://<router_ip>/.htpasswd.”
By exploiting this vulnerability, a hacker can obtain your administrator password as an MD5 hash from the “.htpasswd” file. However, to exploit it, the hacker has to be connected to the router’s network. This means the attacker needs access to the router’s network but not to the router’s administrator panel.
CWE-200: Information Exposure – CVE-2014-8244
This vulnerability is much more severe than the first one and allows the hacker to read and/or modify sensitive information, such as your password, on the router. It can be exploited remotely, from any location, by sending a specially crafted HTTP POST request to http(s)://<router_ip>/JNAP/. The potential hacker can invoke JNAP actions as he wishes to exploit this vulnerability.
The Java-based JNAP utility, built on the Java Portal Communication Module (Java PCM) API, is used “to test the database connection, load flists from files, use the flists as input when calling opcodes on the server, and display output flists,” according to its documentation on Oracle’s web site.
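Both requests described above can be spotted by a network sensor or proxy sitting in front of the router. The following detection sketch is an added example, not code from the CERT advisory or from Cisco; the log line format, the LAN range and the function names are assumptions made for illustration.

```python
import ipaddress
import re
from urllib.parse import unquote

# Assumption: the LAN range behind the router; change it to match the network.
LAN = ipaddress.ip_network("192.168.1.0/24")

# Constructed log format for this example: "<src_ip> <METHOD> <target> <status>"
LINE = re.compile(r"^(\S+)\s+([A-Z]+)\s+(\S+)\s+(\d{3})$")

def normalise(target):
    """Drop the query string, percent-decode, lower-case, collapse slashes."""
    path = unquote(target.split("?", 1)[0]).lower()
    return re.sub(r"/{2,}", "/", path)

def classify(line):
    """Return (cve, source_ip, outcome) for a suspicious request, else None."""
    m = LINE.match(line.strip())
    if not m:
        return None
    src, method, target, status = m.groups()
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return None
    path = normalise(target)
    outcome = "served" if status.startswith("2") else "refused"
    # CVE-2014-8243: any request for the password file is worth an alert.
    if path == "/.htpasswd":
        return ("CVE-2014-8243", src, outcome)
    # CVE-2014-8244: JNAP POSTs from outside the LAN. LAN-side POSTs are
    # treated as ordinary management traffic (assumption of this example).
    is_jnap = path == "/jnap" or path.startswith("/jnap/")
    if method == "POST" and is_jnap and addr not in LAN:
        return ("CVE-2014-8244", src, outcome)
    return None

def scan(lines):
    """Classify every log line and keep only the findings."""
    return [hit for hit in map(classify, lines) if hit]

# Constructed sample lines (documentation addresses, not real traffic).
SAMPLE = [
    "192.168.1.23 GET /.htpasswd 200",
    "192.168.1.23 GET /index.html 200",
    "203.0.113.7 POST /JNAP/ 200",
    "192.168.1.10 POST /JNAP/ 200",
    "192.168.1.40 GET //%2Ehtpasswd?x=1 404",
]
```

An outcome of "served" on the password file means the MD5 hash has left the device, so the administrator password should be changed after the firmware is updated.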
In addition to the above vulnerabilities, the Linksys EA series routers also expose several ports of the administrator interface by default. Ports such as 100080 and 52000 are exposed by default, depending on the model of the Linksys router.
Vulnerable Routers and their fixes
Cisco has released fixes for the two vulnerabilities for the following routers (you can click on the model number to get the patch for your model):
However, the fixes for the Linksys EA series EA2700 and EA3500 routers are yet to be released, so users of these models may be vulnerable to hack attacks.
The top cyber watchdog, the National Institute of Standards and Technology (NIST), which runs the National Vulnerability Database (NVD), is reviewing the vulnerability for further action.