text.skipToContent text.skipToNavigation

Linksys Security Advisories

Log4Shell/Log4j Informative Notice (12/13/2021)
CHIP/IoT Inspector Report (12/6/2021)
Fragment and Forge Vulnerability (5/11/2021)
CallStranger Vulnerability (6/16/2020)
Fake COVID-19 Message and Malware (3/30/2020)
Bad Packets Report (Date: 5/14/2019)
Talos Vulnerability Report (Date: 10/16/2018)
VPNFilter Malware (Date: 5/25/18)

KRACK Fixes (Date: 5/21/18)
Reaper Botnet Vulnerability on E-Series Routers (Date: 10/31/17)
Reaper Botnet Vulnerability (Date: 10/25/17)
KRACK Advisory (Date: 10/19/17)
IOACTIVE (Date: 4/20/17)

 
Log4Shell/Log4j Informative Notice (12/13/2021)

Linksys has reviewed the recent log4j vulnerability known as Log4Shell.  None of our Linksys physical hardware devices (routers, mesh, range extenders) use log4j and are not affected by the vulnerability. We use an implementation of log4j in our Linksys Smart Wi-Fi Cloud, but that is not impacted by this vulnerability.  As always, make sure you use strong, complex passwords for your router and Smart Wi-Fi Cloud account. Also be sure to enable automatic updates so that you receive the latest updates for your device as soon as they are available.  For more tips on how to secure your home network, see here: https://www.linksys.com/us/r/resource-center/securing-your-home-wireless-network/.
 
CHIP/IoT Inspector Report (12/6/2021)

Linksys takes security seriously. We make it a point to provide firmware updates to our active products with known vulnerabilities, whether they are reported to us through our disclosure program, from a third-party report or discovered internally.

In regard to the IoT Inspector report that identified 20 vulnerabilities within our Linksys Velop MR9600 system, 10 of them were deemed not valid, two of them have been fixed and will soon be rolled out to our customers (DNSMASQ/DNSPOOQ), 1 issue is actively being addressed as part of a larger internal security initiative within Linksys (default passwords), and 7 issues were deemed "low" priority as we do not believe they pose a serious security risk to our customers. That being said, all “low” priority issues have been added to our internal security review and update process, and our team is considering ways to address issues moving forward.

 
Fragment and Forge Vulnerability (5/11/2021)

Linksys has been made of aware of a set of new Wi-Fi based vulnerabilities known as Fragment and Forge which can be exploited under certain conditions to potentially allow interception or alterations of communication within a Wi-Fi network.  Devices using encryption schemes from WEP up to WPA3 are affected industry wide.  In order for this vulnerability to be exploited, the attacker must either have a device under their control already on the target network or needs to be in proximity of the Wi-Fi network and trick a user on the network to visit the attacker’s server (phishing email, malicious ads, etc.).  Linksys is working with our vendors and manufacturers to quickly patch all affected devices and release them to our customers as soon as possible.  Until then, keep yourself protected by continuing best practices and not clicking on emails from unknown recipients or viewing suspicious web sites.  Also periodically check the devices connected to your network and if you see any devices or connections that not familiar, block those devices and/or change your Wi-Fi network password.  As always, make sure you use a strong admin password for your router and make sure you have automatic updates enabled to ensure you receive the latest updates for your device as soon as it is available.  For more tips on how to secure your network, see here: https://www.linksys.com/us/r/resource-center/securing-your-home-wireless-network/.
 
CallStranger Vulnerability (6/16/2020)

The recent CallStranger vulnerability was made public on June 8th, 2020.  We agree with the researcher's assessment and working to release firmware updates to all products which could be affected.  We also recognize that the highest risk of this vulnerability impacts devices which have UPnP services directly exposed to the internet, which Linksys routers do not do.  We recommend that all customers ensure that their router's firewall is enabled (https://www.linksys.com/us/support-article?articleNum=140652) and not forwarding any ports that were not intended (https://www.linksys.com/us/support-article?articleNum=136711).  We also strongly recommend that you have an anti-malware software installed and updated on any computers connected to your home network.
 
Fake COVID-19 Message and Malware (3/30/2020)

Our Customer Advocacy Team, as well as several news outlets, have reported an increase number of fake COVID-19 messages appearing on user’s web browsers prompting them to download malware.  In analyzing our cloud traffic patterns, we believe there is a coordinated effort to maliciously access and modify Linksys Smart Wi-Fi Accounts using credentials stolen from other websites.  Although we have taken additional steps in the cloud to combat these attempts, out of an abundance of caution, we would like all Linksys Smart Wi-Fi users to reset their passwords (not using any previously used passwords and to consider using a mixture of lower and uppercase letters, numbers, and special characters); you will be prompted to do so the next time you log in.  Other precautions you can take are to verify your router’s DNS settings and to make sure your antivirus/malware detection programs are up to date and run a full scan.
 


Bad Packets Report (Date: 5/14/2019)

Linksys responded to a vulnerability submission from Bad Packets on May 7th, 2019 regarding a potential sensitive information disclosure flaw: CVE-2014-8244 (which was fixed in 2014).  We quickly tested the router models flagged by Bad Packets using the latest publicly available firmware (with default settings) and have not been able to reproduce CVE-2014-8244; meaning that it is not possible for a remote attacker to retrieve sensitive information via this technique.  JNAP commands are only accessible to users connected to the router’s local network.  We believe that the examples provided by Bad Packets are routers that are either using older versions of firmware or have manually disabled their firewalls.  Customers are highly encouraged to update their routers to the latest available firmware and check their router security settings to ensure the firewall is enabled.
 

Talos Vulnerability Report (Date: 10/16/2018)

Linksys was notified of TALOS-2018-0625 and quickly worked with the Talos team to root cause the vulnerability and provide new firmware to our customers.  This vulnerability was identified to exist in only the E1200v2 and E2500v3 routers (other versions of the same models are not impacted by this vulnerability).  Customers are highly encouraged to update their routers and can find instructions how to do that here.  

VPNFilter Malware (Date: 5/25/18)


Linksys is aware of the notification from US-CERT and Talos regarding the malware, referred to as VPNFilter.  We believe that VPNFilter is proliferating itself using known vulnerabilities in older versions of router firmware (that customers haven’t updated) as well as utilizing common default credentials.  We advise customers that if they have older routers or routers that do not support automatic updates (or have disabled automatic updates) that they update the latest firmware from our website support.linksys.com on the individual product pages.  As we always do, we strongly encourage users to change the administration password periodically.  Newer Linksys routers include automatic software downloads and change default passwords during set up so newer Linksys mesh and EA/WRT routers are not known to be affected.   If customers believe they have been infected, we recommend customers update to the latest firmware and perform a factory reset of their router.  To perform a factory reset, instructions can be found here.
 


 

KRACK Fixes (Date: 5/21/18)

Below is an update on the affected devices, which include Linksys Routers, Adapters, Access Points, Bridges, and Range Extenders.  When firmware is available, it will be posted to the associated brands’ support page.

For the
original advisory concerning the KRACK vulnerability, including details on the vulnerability and the possibly affected products, click here.
 
Date ListedProducts Possibly AffectedUpdates Available
10/19/17EA6900 v2 
EA7300
EA7400
EA7500 v1
EA7500 v2Released 11/27/17:  firmware 2.0.4.184918
EA8300Released 11/15/17:  firmware 1.1.3.184925
EA8500 
LAPN300Released 2/8/18:  firmware 1.1.01.000
LAPN600Released 2/8/18:  firmware 1.1.01.000
LAPAC1200 Released 1/12/18:  firmware 1.1.03.000
LAPAC1750 
LAPAC1750PRO
LAPAC2600Released 12/21/17:  firmware 1.0.04.001
11/27/17WHW03XXReleased 12/13/17:  firmware 1.1.2.185309
10/19/17WRT1200AC v1 Released 5/1/18:  firmware 1.0.5.187766
5/3/18WRT1200AC v2Released 5/1/18:  firmware 2.0.5.187766
10/19/17WRT1900AC v1Released 4/12/18:  firmware 1.1.10.187766
WRT1900AC v2Released 4/26/18:  firmware 2.0.8.187766
WRT1900ACS v2Released 3/29/18:  firmware 2.0.1.186724
WRT3200ACM 
RE1000 v2Released 5/11/18:  firmware 2.0.04 (build 1)
5/21/18RE2000 v1Released 5/11/18:  firmware 1.0.03 (build 1)
10/19/17RE2000 v2Released 5/11/18:  firmware 2.0.01 (build 5)
5/10/18RE3000W v1Released 5/4/18:  firmware 1.0.01.001
10/19/17RE3000W v2Released 3/13/18:  firmware 2.0.03.002
RE4000WReleased 5/11/18:  firmware 1.0.01.001
RE4100W Released 3/13/18:  firmware 1.0.03.002
RE6250 Released 5/4/18:  firmware 1.0.01.006
RE6300Released 2/6/18:  firmware 1.2.03.004
RE6350Released 5/4/18:  firmware 1.0.01.006
RE6400Released 2/6/18:  firmware 1.2.03.004
RE6500 
RE6700Released 2/6/18:  firmware 1.2.03.004
RE6800Released 12/13/17:  firmware 1.1.02.004
RE7000 Released 12/13/17:  firmware 1.1.02.004
RE9000Released 12/20/17:  firmware 1.0.01.010
WAP300NReleased 5/2/18:  firmware 1.0.06.001
WAP1200AC 
WAPT1200AC 
WAP750AC 
11/27/17WUSB6100MReleased 2/27/18:  driver 11.1.0.268 for Windows® 7 and 10, and 11.1.0.275 for Windows 8.1
WUSB6300 
WUSB6400M 
 

Reaper Botnet Vulnerability on E-Series Routers (Date: 10/31/17)

The Reaper Botnet has integrated a new exploit for routers.  For the Linksys E2500 v1, v2, and v3, these devices were patched for the Reaper Botnet vulnerability.  You may check the latest release notes here.  We continue to monitor its progress and update our products with the necessary firmware.

It is recommended that users regularly check our security advisory page for updates regarding new vulnerabilities, especially for the Linksys E-Series routers.  It is also highly encouraged that Linksys Smart Wi-Fi Router users turn ON auto updates for their devices.


Reaper Botnet Vulnerability (Date: 10/25/17)

Linksys is aware of the recent Reaper Botnet vulnerability.  Only two of Linksys routers (E1500 and E2500) are currently impacted by this vulnerability.  Firmware that addresses the current vulnerabilities can be found on our product site.  Customers are highly encouraged to update their routers and can find instructions how to do that here.


Linksys is also aware that this type of botnet can actively update itself with more vulnerabilities and we will continue to monitor its progress and plan to update our products with necessary firmware that fit within our support window.
 



KRACK Advisory (Date: 10/19/17)
 
Overview:

An exploit vulnerability called KRACK (which stands for Key Reinstallation Attack) was identified by a researcher regarding a flaw in the Wi-Fi Protected Access® 2 (WPA2™) protocol that helps secure products on a protected Wi-Fi network.  The WPA2 protocol is ubiquitous in Wi-Fi networking.  The vulnerability described is in the standard itself, rather than just being present in certain companies’ products.  Thru this exploit, a series of vulnerabilities were found including a local access vulnerability (hackers need to be within range of a user’s Wi-Fi network) that is known to exploit a flaw in the four-way handshake process between a user's device and a Wi-Fi network.  It potentially allows an attacker unauthorized access to the user’s protected Wi-Fi network without the password.  More details about the vulnerabilities can found at the ICASI site here.
 
Company Statement: 10/16/17

Linksys is aware of the WPA2 vulnerability.  Our security team is verifying the details and we will advise accordingly.  Also know that we are committed to putting the customer first and are planning to post instructions on our security advisory page on what customers can do to update their products, if and when required.
 
Solution:

Until a firmware is available, we recommend customers use WPA2-Personal or Enterprise with AES as the wireless encryption type and stop using WPA2/WPA™ Mixed Mode with TKIP or AES* to reduce the impact of this vulnerability.  Although WPA2-Personal or Enterprise does not prevent the attack, it makes the attack more difficult to execute effectively.  To learn how to change your WPA security settings, click here.
 
When firmware is available, customers should know that all Linksys devices that offer automatic firmware updates which include all Linksys Smart Wi-Fi routers (Velop, Max-Stream™, WRT, and EA series product lines) and some Linksys range extenders (RE6250, RE6300 RE6350, RE6400, RE6700, RE6800, RE7000, RE9000) will update to the latest firmware offering a fix to these vulnerabilities when it is available unless the customer has specifically opted out from this service.  Customers that opted out of automatic firmware updates and customers of adapters, bridges, and range extenders that do not support automatic firmware updates can download the firmware when it is available from https://www.linksys.com/support
.

 
If users are not able to perform a firmware update or receive an error message during the update, please contact Linksys customer support for further instructions. 

 
Confirmed Affected Products:
We are still confirming all products affected, including Linksys Routers, Adapters, Access Points, Bridges and Range Extenders.  As mentioned, when the firmware is available, it will be posted to the associated brands’ support page.
 
VulnerabilityProducts Possibly Affected
  • CVE-2017-13077:  Reinstallation of pairwise key in four-way handshake
  • CVE-2017-13078:  Reinstallation of group key in four-way handshake
  • CVE-2017-13079:  Reinstallation of the integrity group key in four-way handshake
  • CVE-2017-13080:  Reinstallation of the group key in the group key handshake
  • CVE-2017-13081  Reinstallation of the integrity group key in the group key handshake
  • CVE-2017-13087:  Reinstallation of the group key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame
  • CVE-2017-13088:  Reinstallation of the integrity group key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame
Linksys Products
  • EA6900 v2 (When used as a wireless repeater or wireless bridge, not affected if used as a wireless router)
  • EA7300 (When used as a wireless repeater or wireless bridge, not affected if used as a wireless router)
  • EA7400 (When used as a wireless repeater or wireless bridge, not affected if used as a wireless router)
  • EA7500 v1 (When used as a wireless repeater or wireless bridge, not affected if used as a wireless router)
  • EA7500 v2 (When used as a wireless repeater or wireless bridge, not affected if used as a wireless router)
  • EA8300 (When used as a wireless repeater or wireless bridge, not affected if used as a wireless router)
  • EA8500 (When used as a wireless repeater or wireless bridge, not affected if used as a wireless router)
  • LAPN300 (When WDS or workgroup bridge is enabled)
  • LAPN600 (When WDS or workgroup bridge is enabled)
  • LAPAC1200 (When WDS or workgroup bridge is enabled)
  • LAPAC1750 (When WDS or workgroup bridge is enabled)
  • LAPAC1750PRO (When WDS or workgroup bridge is enabled)
  • LAPAC2600 (When WDS or workgroup bridge is enabled)
  • WRT1200AC (When used as a wireless repeater or wireless bridge, not affected if used as a wireless router)
  • WRT1900AC v1 (When used as a wireless repeater or wireless bridge, not affected if used as a wireless router)
  • WRT1900AC v2 (When used as a wireless repeater or wireless bridge, not affected if used as a wireless router)
  • WRT1900ACS (When used as a wireless repeater or wireless bridge, not affected if used as a wireless router)
  • WRT3200ACM (When used as a wireless repeater or wireless bridge, not affected if used as a wireless router)
  • RE1000 v2
  • RE2000 v2
  • RE3000 v2
  • RE4000
  • RE4100W
  • RE6250
  • RE6300
  • RE6350
  • RE6400
  • RE6500
  • RE6700
  • RE6800
  • RE7000
  • RE9000
  • WAP1200AC (When used as a wireless repeater or wireless bridge, not affected if used as a wireless access point)
  • WAPT1200AC (When used as a wireless repeater or wireless bridge, not affected if used as a wireless access point)
  • WAP750AC (When used as a wireless repeater or wireless bridge, not affected if used as a wireless access point)
 
  • CVE-2017-13082:  Accepting retransmitted Fast BSS Transition Reassociation Request and reinstalling pairwise key while processing it




 
Linksys Products
  • EA7400
  • EA7500
  • EA8300
  • EA8500
  • LAPAC2600
  • WHW03XX
  • RE7000
  • RE9000
 
* The reason for this is because WPA2/WPA mixed mode allows the use of TKIP which will enable attackers to forge packets.  WPA2 only allows the use of AES which prevents the forging of packets and at the same time, makes decryption of packets more difficult (although not impossible).
 

IOACTIVE (Date: 4/20/17)

Overview:


Linksys was notified of some vulnerabilities in our Linksys Smart Wi-Fi series of routers.  As we work towards publishing firmware updates, as a temporary fix, we recommend that customers using Guest Networks on any of the affected products below temporarily disable this feature to avoid any attempts at malicious activity.

Description


IOActive (www.ioactive.com), a global cybersecurity consultancy, responsibly disclosed to Linksys that they had discovered vulnerabilities affecting multiple Linksys routers.  The Linksys Security team has been working with IOActive to confirm and resolve all reported issues.  We will be releasing firmware updates for all affected devices.  In order for your device to receive the update as soon as it is available, please make sure you have automatic updates enabled.  For instructions, click here.

Solution:

We are working to provide a firmware update for all affected devices.  While we are building and testing the fixes, we recommend performing the following steps:

1.  Enable Automatic Updates.  Linksys Smart Wi-Fi devices include a feature to automatically update the firmware when new versions are available.

How to automatically update the firmware of the Linksys Smart Wi-Fi Routers

2.  Disable Guest Wi-Fi if not in use.

How to manage the Guest Access Feature using the Linksys cloud account

3.  Change the default Administrator password.

How to check and update the Router Password using your Linksys cloud account

Affected Products

After thoroughly testing each device for the presence of the known vulnerabilities, we’ve identified the following devices.
 
WRT Series
WRT1200AC v1 - Update available
WRT1200AC v2 - Update available
WRT1900AC v1 - Update available
WRT1900AC v2
- Update available

WRT1900ACS v1 - Update available
WRT1900ACS v2 - Update available
WRT3200ACM - Update available


EA Series
EA2700 - Update available
EA2750
- Update available
EA4500 v3 - Update available
EA6100 - Update available
EA6200 - Update available
EA6300 - Update available
EA6350 v2
- Update available
EA6350 v3 - Update available
EA6400 - Update available
EA6700
- Update available
EA6900 v2 - Update available
EA7300 - Update available
EA7400 - Update available
EA7500 v1 - Update available
EA7500 v2 - Update available
EA8300 - Update available
EA8500 - Update available
EA9200
- Update available
EA9400 - Update available
EA9500 - Update available

NOTE:  The select Linksys products EA3500 and EA6500 are no longer being sold or supported.

Was this support article useful?

Additional Support Questions?

Search Again

CONTACT SUPPORT