Austria
Belgium
Switzerland
Czech Republic
Germany
Denmark
Spain
Finland
France
Greece
Hungary
Italy
Netherlands
Norway
Poland
Portugal
Romania
Russia
Sweden
Ukraine
United Kingdom
Linksys Security Advisories
CallStranger Vulnerability (6/16/2020)
Fake COVID-19 Message and Malware (3/30/2020)
Bad Packets Report (Date: 5/14/2019)
Talos Vulnerability Report (Date: 10/16/2018)
VPNFilter Malware (Date: 5/25/18)
KRACK Fixes (Date: 5/21/18)
Reaper Botnet Vulnerability on E-Series Routers (Date: 10/31/17)
Reaper Botnet Vulnerability (Date: 10/25/17)
KRACK Advisory (Date: 10/19/17)
IOACTIVE (Date: 4/20/17)
CallStranger Vulnerability (6/16/2020)
Belkin is aware of the recent CallStranger vulnerability which was made public on June 8th, 2020. We agree with the researcher's assessment and working to release firmware updates to all products which could be affected. We also recognize that the highest risk of this vulnerability impacts devices which have UPnP services directly exposed to the internet, which Linksys routers and Wemo products do not do. We recommend that all customers ensure that their router's firewall is enabled (https://www.linksys.com/us/support-article?articleNum=140652) and not forwarding any ports that were not intended (https://www.linksys.com/us/support-article?articleNum=136711). We also strongly recommend that you have an anti-malware software installed and updated on any computers connected to your home network.
Fake COVID-19 Message and Malware (3/30/2020)
Our Customer Advocacy Team, as well as several news outlets, have reported an increase number of fake COVID-19 messages appearing on user’s web browsers prompting them to download malware. In analyzing our cloud traffic patterns, we believe there is a coordinated effort to maliciously access and modify Linksys Smart Wi-Fi Accounts using credentials stolen from other websites. Although we have taken additional steps in the cloud to combat these attempts, out of an abundance of caution, we would like all Linksys Smart Wi-Fi users to reset their passwords (not using any previously used passwords and to consider using a mixture of lower and uppercase letters, numbers, and special characters); you will be prompted to do so the next time you log in. Other precautions you can take are to verify your router’s DNS settings and to make sure your antivirus/malware detection programs are up to date and run a full scan.
Bad Packets Report (Date: 5/14/2019)
Linksys responded to a vulnerability submission from Bad Packets on May 7th, 2019 regarding a potential sensitive information disclosure flaw: CVE-2014-8244 (which was fixed in 2014). We quickly tested the router models flagged by Bad Packets using the latest publicly available firmware (with default settings) and have not been able to reproduce CVE-2014-8244; meaning that it is not possible for a remote attacker to retrieve sensitive information via this technique. JNAP commands are only accessible to users connected to the router’s local network. We believe that the examples provided by Bad Packets are routers that are either using older versions of firmware or have manually disabled their firewalls. Customers are highly encouraged to update their routers to the latest available firmware and check their router security settings to ensure the firewall is enabled.
Talos Vulnerability Report (Date: 10/16/2018)
Linksys was notified of TALOS-2018-0625 and quickly worked with the Talos team to root cause the vulnerability and provide new firmware to our customers. This vulnerability was identified to exist in only the E1200v2 and E2500v3 routers (other versions of the same models are not impacted by this vulnerability). Customers are highly encouraged to update their routers and can find instructions how to do that here.
VPNFilter Malware (Date: 5/25/18)
Below is an update on the affected devices, which include Belkin Routers and Range Extenders, Linksys Routers, Adapters, Access Points, Bridges and Range Extenders, and Wemo Products. When firmware is available, it will be posted to the associated brands’ support page.
For the original advisory by Belkin International concerning the KRACK vulnerability, including details on the vulnerability and the possibly affected products, click here.
Wemo Update (Date: 2/6/18)
KRACK and DNS mask vulnerability fixes have been implemented into each core Wemo device firmware. Wemo Mini and Dimmer have one small additional fix / enhancement for setup which allows for an easier transition from the Wemo AP to the router AP during setup.
Reaper Botnet Vulnerability on E-Series Routers (Date: 10/31/17)
The Reaper Botnet has integrated a new exploit for routers. For the Linksys E2500 v1, v2, and v3, these devices were patched for the Reaper Botnet vulnerability. You may check the latest release notes here. We continue to monitor its progress and update our products with the necessary firmware.
It is recommended that users regularly check our security advisory page for updates regarding new vulnerabilities, especially for the Linksys E-Series routers. It is also highly encouraged that Linksys Smart Wi-Fi Router users turn ON auto updates for their devices.
Reaper Botnet Vulnerability (Date: 10/25/17)
Linksys is aware of the recent Reaper Botnet vulnerability. Only two of Linksys routers (E1500 and E2500) are currently impacted by this vulnerability. Firmware that addresses the current vulnerabilities can be found on our product site. Customers are highly encouraged to update their routers and can find instructions how to do that here.
KRACK Advisory (Date: 10/19/17)
Overview:
An exploit vulnerability called KRACK (which stands for Key Reinstallation Attack) was identified by a researcher regarding a flaw in the Wi-Fi Protected Access® 2 (WPA2™) protocol that helps secure products on a protected Wi-Fi network. The WPA2 protocol is ubiquitous in Wi-Fi networking. The vulnerability described is in the standard itself, rather than just being present in certain companies’ products. Thru this exploit, a series of vulnerabilities were found including a local access vulnerability (hackers need to be within range of a user’s Wi-Fi network) that is known to exploit a flaw in the four-way handshake process between a user's device and a Wi-Fi network. It potentially allows an attacker unauthorized access to the user’s protected Wi-Fi network without the password. More details about the vulnerabilities can found at the ICASI site here.
Company Statement: 10/16/17
Belkin International, (Belkin, Linksys, and Wemo) is aware of the WPA2 vulnerability. Our security team is verifying the details and we will advise accordingly. Also know that we are committed to putting the customer first and are planning to post instructions on our security advisory page on what customers can do to update their products, if and when required.
Solution:
Until a firmware is available, we recommend customers use WPA2-Personal or Enterprise with AES as the wireless encryption type and stop using WPA2/WPA™ Mixed Mode with TKIP or AES* to reduce the impact of this vulnerability. Although WPA2-Personal or Enterprise does not prevent the attack, it makes the attack more difficult to execute effectively. To learn how to change your WPA security settings, click here.
When firmware is available, customers should know that all Linksys devices that offer automatic firmware updates which include all Linksys Smart Wi-Fi routers (Velop, Max-Stream™, WRT, and EA series product lines) and some Linksys range extenders (RE6250, RE6300 RE6350, RE6400, RE6700, RE6800, RE7000, RE9000) will update to the latest firmware offering a fix to these vulnerabilities when it is available unless the customer has specifically opted out from this service. Customers that opted out of automatic firmware updates and customers of adapters, bridges, and range extenders that do not support automatic firmware updates can download the firmware when it is available from https://www.linksys.com/support or https://www.belkin.com/support.
For Wemo devices, the mobile applications will notify the users on the availability of new firmware and will prompt the users to initiate the firmware update.
If users are not able to perform a firmware update or receive an error message during the update, please contact Belkin, Linksys or Wemo customer support for further instructions.
Confirmed Affected Products:
* The reason for this is because WPA2/WPA mixed mode allows the use of TKIP which will enable attackers to forge packets. WPA2 only allows the use of AES which prevents the forging of packets and at the same time, makes decryption of packets more difficult (although not impossible).
1. Enable Automatic Updates. Linksys Smart Wi-Fi devices include a feature to automatically update the firmware when new versions are available.
How to automatically update the firmware of the Linksys Smart Wi-Fi Routers
2. Disable Guest Wi-Fi if not in use.
How to manage the Guest Access Feature using the Linksys cloud account
3. Change the default Administrator password.
How to check and update the Router Password using your Linksys cloud account
Affected Products
After thoroughly testing each device for the presence of the known vulnerabilities, we’ve identified the following devices.
NOTE: The select Linksys products EA3500 and EA6500 are no longer being sold or supported.
Fake COVID-19 Message and Malware (3/30/2020)
Bad Packets Report (Date: 5/14/2019)
Talos Vulnerability Report (Date: 10/16/2018)
VPNFilter Malware (Date: 5/25/18)
KRACK Fixes (Date: 5/21/18)
Reaper Botnet Vulnerability on E-Series Routers (Date: 10/31/17)
Reaper Botnet Vulnerability (Date: 10/25/17)
KRACK Advisory (Date: 10/19/17)
IOACTIVE (Date: 4/20/17)
CallStranger Vulnerability (6/16/2020)
Belkin is aware of the recent CallStranger vulnerability which was made public on June 8th, 2020. We agree with the researcher's assessment and working to release firmware updates to all products which could be affected. We also recognize that the highest risk of this vulnerability impacts devices which have UPnP services directly exposed to the internet, which Linksys routers and Wemo products do not do. We recommend that all customers ensure that their router's firewall is enabled (https://www.linksys.com/us/support-article?articleNum=140652) and not forwarding any ports that were not intended (https://www.linksys.com/us/support-article?articleNum=136711). We also strongly recommend that you have an anti-malware software installed and updated on any computers connected to your home network.
Fake COVID-19 Message and Malware (3/30/2020)
Our Customer Advocacy Team, as well as several news outlets, have reported an increase number of fake COVID-19 messages appearing on user’s web browsers prompting them to download malware. In analyzing our cloud traffic patterns, we believe there is a coordinated effort to maliciously access and modify Linksys Smart Wi-Fi Accounts using credentials stolen from other websites. Although we have taken additional steps in the cloud to combat these attempts, out of an abundance of caution, we would like all Linksys Smart Wi-Fi users to reset their passwords (not using any previously used passwords and to consider using a mixture of lower and uppercase letters, numbers, and special characters); you will be prompted to do so the next time you log in. Other precautions you can take are to verify your router’s DNS settings and to make sure your antivirus/malware detection programs are up to date and run a full scan.
Bad Packets Report (Date: 5/14/2019)
Linksys responded to a vulnerability submission from Bad Packets on May 7th, 2019 regarding a potential sensitive information disclosure flaw: CVE-2014-8244 (which was fixed in 2014). We quickly tested the router models flagged by Bad Packets using the latest publicly available firmware (with default settings) and have not been able to reproduce CVE-2014-8244; meaning that it is not possible for a remote attacker to retrieve sensitive information via this technique. JNAP commands are only accessible to users connected to the router’s local network. We believe that the examples provided by Bad Packets are routers that are either using older versions of firmware or have manually disabled their firewalls. Customers are highly encouraged to update their routers to the latest available firmware and check their router security settings to ensure the firewall is enabled.
Talos Vulnerability Report (Date: 10/16/2018)
Linksys was notified of TALOS-2018-0625 and quickly worked with the Talos team to root cause the vulnerability and provide new firmware to our customers. This vulnerability was identified to exist in only the E1200v2 and E2500v3 routers (other versions of the same models are not impacted by this vulnerability). Customers are highly encouraged to update their routers and can find instructions how to do that here.
VPNFilter Malware (Date: 5/25/18)
Linksys is aware of the notification from US-CERT and Talos regarding the malware, referred to as VPNFilter. We believe that VPNFilter is proliferating itself using known vulnerabilities in older versions of router firmware (that customers haven’t updated) as well as utilizing common default credentials. We advise customers that if they have older routers or routers that do not support automatic updates (or have disabled automatic updates) that they update the latest firmware from our website support.linksys.com on the individual product pages. As we always do, we strongly encourage users to change the administration password periodically. Newer Linksys routers include automatic software downloads and change default passwords during set up so newer Linksys mesh and EA/WRT routers are not known to be affected. If customers believe they have been infected, we recommend customers update to the latest firmware and perform a factory reset of their router. To perform a factory reset, instructions can be found here.
KRACK Fixes (Date: 5/21/18)
Below is an update on the affected devices, which include Belkin Routers and Range Extenders, Linksys Routers, Adapters, Access Points, Bridges and Range Extenders, and Wemo Products. When firmware is available, it will be posted to the associated brands’ support page.
For the original advisory by Belkin International concerning the KRACK vulnerability, including details on the vulnerability and the possibly affected products, click here.
Wemo Update (Date: 2/6/18)
KRACK and DNS mask vulnerability fixes have been implemented into each core Wemo device firmware. Wemo Mini and Dimmer have one small additional fix / enhancement for setup which allows for an easier transition from the Wemo AP to the router AP during setup.
| Brand | Date Listed | Products Possibly Affected | Updates Available |
|
Linksys
| 10/19/17 | EA6900 v2 | |
| EA7300 | |||
| EA7400 | |||
| EA7500 v1 | |||
| EA7500 v2 | Released 11/27/17: firmware 2.0.4.184918 | ||
| EA8300 | Released 11/15/17: firmware 1.1.3.184925 | ||
| EA8500 | |||
| LAPN300 | Released 2/8/18: firmware 1.1.01.000 | ||
| LAPN600 | Released 2/8/18: firmware 1.1.01.000 | ||
| LAPAC1200 | Released 1/12/18: firmware 1.1.03.000 | ||
| LAPAC1750 | |||
| LAPAC1750PRO | |||
| LAPAC2600 | Released 12/21/17: firmware 1.0.04.001 | ||
| 11/27/17 | WHW03XX | Released 12/13/17: firmware 1.1.2.185309 | |
| 10/19/17 | WRT1200AC v1 | Released 5/1/18: firmware 1.0.5.187766 | |
| 5/3/18 | WRT1200AC v2 | Released 5/1/18: firmware 2.0.5.187766 | |
| 10/19/17 | WRT1900AC v1 | Released 4/12/18: firmware 1.1.10.187766 | |
| WRT1900AC v2 | Released 4/26/18: firmware 2.0.8.187766 | ||
| WRT1900ACS v2 | Released 3/29/18: firmware 2.0.1.186724 | ||
| WRT3200ACM | |||
| RE1000 v2 | Released 5/11/18: firmware 2.0.04 (build 1) | ||
| 5/21/18 | RE2000 v1 | Released 5/11/18: firmware 1.0.03 (build 1) | |
| 10/19/17 | RE2000 v2 | Released 5/11/18: firmware 2.0.01 (build 5) | |
| 5/10/18 | RE3000W v1 | Released 5/4/18: firmware 1.0.01.001 | |
| 10/19/17 | RE3000W v2 | Released 3/13/18: firmware 2.0.03.002 | |
| RE4000W | Released 5/11/18: firmware 1.0.01.001 | ||
| RE4100W | Released 3/13/18: firmware 1.0.03.002 | ||
| RE6250 | Released 5/4/18: firmware 1.0.01.006 | ||
| RE6300 | Released 2/6/18: firmware 1.2.03.004 | ||
| RE6350 | Released 5/4/18: firmware 1.0.01.006 | ||
| RE6400 | Released 2/6/18: firmware 1.2.03.004 | ||
| RE6500 | |||
| RE6700 | Released 2/6/18: firmware 1.2.03.004 | ||
| RE6800 | Released 12/13/17: firmware 1.1.02.004 | ||
| RE7000 | Released 12/13/17: firmware 1.1.02.004 | ||
| RE9000 | Released 12/20/17: firmware 1.0.01.010 | ||
| WAP300N | Released 5/2/18: firmware 1.0.06.001 | ||
| WAP1200AC | |||
| WAPT1200AC | |||
| WAP750AC | |||
| 11/27/17 | WUSB6100M | Released 2/27/18: driver 11.1.0.268 for Windows® 7 and 10, and 11.1.0.275 for Windows 8.1 | |
| WUSB6300 | |||
| WUSB6400M | |||
| Belkin | 10/19/17 |
F7D7501
| |
| F9K1015 | |||
| F9K1111 | |||
| F9K1122 | |||
| F9K1126 | |||
| F9K1127 | |||
| Wemo | 10/19/17 | Wemo Switch | Released 2/6/18: firmware 2.00.11054 |
| Wemo Motion Sensor | |||
| Wemo Light Switch | |||
| Wemo Link | |||
| Wemo Insight | |||
| Wemo Dimmer | Released 2/6/18: firmware 2.00.11036 | ||
| Wemo Mini | |||
| Wemo Slow Cooker | |||
| Wemo Humidifier | |||
| Wemo Coffee Maker | |||
| Wemo Heater | |||
| Wemo Netcam HD+ | |||
| Wemo Netcam Night Vision |
Reaper Botnet Vulnerability on E-Series Routers (Date: 10/31/17)
The Reaper Botnet has integrated a new exploit for routers. For the Linksys E2500 v1, v2, and v3, these devices were patched for the Reaper Botnet vulnerability. You may check the latest release notes here. We continue to monitor its progress and update our products with the necessary firmware.
It is recommended that users regularly check our security advisory page for updates regarding new vulnerabilities, especially for the Linksys E-Series routers. It is also highly encouraged that Linksys Smart Wi-Fi Router users turn ON auto updates for their devices.
Reaper Botnet Vulnerability (Date: 10/25/17)
Linksys is aware of the recent Reaper Botnet vulnerability. Only two of Linksys routers (E1500 and E2500) are currently impacted by this vulnerability. Firmware that addresses the current vulnerabilities can be found on our product site. Customers are highly encouraged to update their routers and can find instructions how to do that here.
Linksys is also aware that this type of botnet can actively update itself with more vulnerabilities and we will continue to monitor its progress and plan to update our products with necessary firmware that fit within our support window.
KRACK Advisory (Date: 10/19/17)
Overview:
An exploit vulnerability called KRACK (which stands for Key Reinstallation Attack) was identified by a researcher regarding a flaw in the Wi-Fi Protected Access® 2 (WPA2™) protocol that helps secure products on a protected Wi-Fi network. The WPA2 protocol is ubiquitous in Wi-Fi networking. The vulnerability described is in the standard itself, rather than just being present in certain companies’ products. Thru this exploit, a series of vulnerabilities were found including a local access vulnerability (hackers need to be within range of a user’s Wi-Fi network) that is known to exploit a flaw in the four-way handshake process between a user's device and a Wi-Fi network. It potentially allows an attacker unauthorized access to the user’s protected Wi-Fi network without the password. More details about the vulnerabilities can found at the ICASI site here.
Company Statement: 10/16/17
Belkin International, (Belkin, Linksys, and Wemo) is aware of the WPA2 vulnerability. Our security team is verifying the details and we will advise accordingly. Also know that we are committed to putting the customer first and are planning to post instructions on our security advisory page on what customers can do to update their products, if and when required.
Solution:
Until a firmware is available, we recommend customers use WPA2-Personal or Enterprise with AES as the wireless encryption type and stop using WPA2/WPA™ Mixed Mode with TKIP or AES* to reduce the impact of this vulnerability. Although WPA2-Personal or Enterprise does not prevent the attack, it makes the attack more difficult to execute effectively. To learn how to change your WPA security settings, click here.
When firmware is available, customers should know that all Linksys devices that offer automatic firmware updates which include all Linksys Smart Wi-Fi routers (Velop, Max-Stream™, WRT, and EA series product lines) and some Linksys range extenders (RE6250, RE6300 RE6350, RE6400, RE6700, RE6800, RE7000, RE9000) will update to the latest firmware offering a fix to these vulnerabilities when it is available unless the customer has specifically opted out from this service. Customers that opted out of automatic firmware updates and customers of adapters, bridges, and range extenders that do not support automatic firmware updates can download the firmware when it is available from https://www.linksys.com/support or https://www.belkin.com/support.
For Wemo devices, the mobile applications will notify the users on the availability of new firmware and will prompt the users to initiate the firmware update.
If users are not able to perform a firmware update or receive an error message during the update, please contact Belkin, Linksys or Wemo customer support for further instructions.
Confirmed Affected Products:
We are still confirming all products affected, including Belkin Routers and Range Extenders, Linksys Routers, Adapters, Access Points, Bridges and Range Extenders, and Wemo Products. As mentioned, when the firmware is available, it will be posted to the associated brands’ support page.
| Vulnerability | Products Possibly Affected |
|
Linksys Products
Belkin Products
Wemo Products
|
|
Linksys Products
|
|
Belkin Product
|
* The reason for this is because WPA2/WPA mixed mode allows the use of TKIP which will enable attackers to forge packets. WPA2 only allows the use of AES which prevents the forging of packets and at the same time, makes decryption of packets more difficult (although not impossible).
IOACTIVE (Date: 4/20/17)
Overview:
Linksys was notified of some vulnerabilities in our Linksys Smart Wi-Fi series of routers. As we work towards publishing firmware updates, as a temporary fix, we recommend that customers using Guest Networks on any of the affected products below temporarily disable this feature to avoid any attempts at malicious activity.
Description
IOActive (www.ioactive.com), a global cybersecurity consultancy, responsibly disclosed to Linksys that they had discovered vulnerabilities affecting multiple Linksys routers. The Linksys Security team has been working with IOActive to confirm and resolve all reported issues. We will be releasing firmware updates for all affected devices. In order for your device to receive the update as soon as it is available, please make sure you have automatic updates enabled. For instructions, click here.
Solution:
We are working to provide a firmware update for all affected devices. While we are building and testing the fixes, we recommend performing the following steps:
Overview:
Linksys was notified of some vulnerabilities in our Linksys Smart Wi-Fi series of routers. As we work towards publishing firmware updates, as a temporary fix, we recommend that customers using Guest Networks on any of the affected products below temporarily disable this feature to avoid any attempts at malicious activity.
Description
IOActive (www.ioactive.com), a global cybersecurity consultancy, responsibly disclosed to Linksys that they had discovered vulnerabilities affecting multiple Linksys routers. The Linksys Security team has been working with IOActive to confirm and resolve all reported issues. We will be releasing firmware updates for all affected devices. In order for your device to receive the update as soon as it is available, please make sure you have automatic updates enabled. For instructions, click here.
Solution:
We are working to provide a firmware update for all affected devices. While we are building and testing the fixes, we recommend performing the following steps:
1. Enable Automatic Updates. Linksys Smart Wi-Fi devices include a feature to automatically update the firmware when new versions are available.
How to automatically update the firmware of the Linksys Smart Wi-Fi Routers
2. Disable Guest Wi-Fi if not in use.
How to manage the Guest Access Feature using the Linksys cloud account
3. Change the default Administrator password.
How to check and update the Router Password using your Linksys cloud account
Affected Products
After thoroughly testing each device for the presence of the known vulnerabilities, we’ve identified the following devices.
WRT Series
WRT1200AC v1 - Update available
WRT1200AC v2 - Update available
WRT1900AC v1 - Update available
WRT1900AC v2 - Update available
WRT1900ACS v1 - Update available
WRT1900ACS v2 - Update available
WRT3200ACM - Update available
EA Series
EA2700 - Update available
EA2750 - Update available
EA4500 v3 - Update available
EA6100 - Update available
EA6200 - Update available
EA6300 - Update available
EA6350 v2 - Update available
EA6350 v3 - Update available
EA6400 - Update available
EA6700 - Update available
EA6900 v2 - Update available
EA7300 - Update available
EA7400 - Update available
EA7500 v1 - Update available
EA7500 v2 - Update available
EA8300 - Update available
EA8500 - Update available
EA9200 - Update available
EA9400 - Update available
EA9500 - Update available
WRT1200AC v1 - Update available
WRT1200AC v2 - Update available
WRT1900AC v1 - Update available
WRT1900AC v2 - Update available
WRT1900ACS v1 - Update available
WRT1900ACS v2 - Update available
WRT3200ACM - Update available
EA Series
EA2700 - Update available
EA2750 - Update available
EA4500 v3 - Update available
EA6100 - Update available
EA6200 - Update available
EA6300 - Update available
EA6350 v2 - Update available
EA6350 v3 - Update available
EA6400 - Update available
EA6700 - Update available
EA6900 v2 - Update available
EA7300 - Update available
EA7400 - Update available
EA7500 v1 - Update available
EA7500 v2 - Update available
EA8300 - Update available
EA8500 - Update available
EA9200 - Update available
EA9400 - Update available
EA9500 - Update available
NOTE: The select Linksys products EA3500 and EA6500 are no longer being sold or supported.
Was this support article useful?
Additional Support Questions?
Search Again
CONTACT SUPPORT
-
LINKSYS LIVE CHAT
Help With Linksys.com
I have a question about a Linksys product or a Linksys Store promotion.
Linksys.com FAQs
Tech Support
Get help with an issue or learn how to maximise the potential of my Linksys product.
