text.skipToContent text.skipToNavigation

Linksys Security Advisories

VPNFilter Malware (Date: 5/25/18)
KRACK Fixes (Date: 5/21/18)
Reaper Botnet Vulnerability on E-Series Routers (Date: 10/31/17)
Reaper Botnet Vulnerability (Date: 10/25/17)
KRACK Advisory (Date: 10/19/17)
IOACTIVE (Date: 4/20/17)
VPNFilter Malware (Date: 5/25/18)

Linksys is aware of the notification from US-CERT and Talos regarding the malware, referred to as VPNFilter.  We believe that VPNFilter is proliferating itself using known vulnerabilities in older versions of router firmware (that customers haven’t updated) as well as utilizing common default credentials.  We advise customers that if they have older routers or routers that do not support automatic updates (or have disabled automatic updates) that they update the latest firmware from our website support.linksys.com on the individual product pages.  As we always do, we strongly encourage users to change the administration password periodically.  Newer Linksys routers include automatic software downloads and change default passwords during set up so newer Linksys mesh and EA/WRT routers are not known to be affected.   If customers believe they have been infected, we recommend customers update to the latest firmware and perform a factory reset of their router.  To perform a factory reset, instructions can be found here.

KRACK Fixes (Date: 5/21/18)

Below is an update on the affected devices, which include Belkin Routers and Range Extenders, Linksys Routers, Adapters, Access Points, Bridges and Range Extenders and Wemo Products.  When firmware is available, it will be posted to the associated brands’ support page.

For the original advisory by Belkin International concerning the KRACK vulnerability, including details on the vulnerability and the possibly affected products, click
here.

Wemo Update (Date: 2/6/18)
KRACK and DNS mask vulnerability fixes have been implemented into each core Wemo device firmware.  Wemo Mini and Dimmer have one small additional fix / enhancement for setup which allows for an easier transition from the Wemo AP to the router AP during setup.

 
BrandDate ListedProducts Possibly AffectedUpdates Available
    Linksys
    10/19/17EA6900 v2 
    EA7300
    EA7400
    EA7500 v1
    EA7500 v2Released 11/27/17:  firmware 2.0.4.184918
    EA8300Released 11/15/17:  firmware 1.1.3.184925
    EA8500 
    LAPN300Released 2/8/18:  firmware 1.1.01.000
    LAPN600Released 2/8/18:  firmware 1.1.01.000
    LAPAC1200 Released 1/12/18:  firmware 1.1.03.000
    LAPAC1750 
    LAPAC1750PRO
    LAPAC2600Released 12/21/17:  firmware 1.0.04.001
    11/27/17WHW03Released 12/13/17:  firmware 1.1.2.185309
    10/19/17WRT1200AC v1 Released 5/1/18:  firmware 1.0.5.187766
    5/3/18WRT1200AC v2Released 5/1/18:  firmware 2.0.5.187766
    10/19/17WRT1900AC v1Released 4/12/18:  firmware 1.1.10.187766
    WRT1900AC v2Released 4/26/18:  firmware 2.0.8.187766
    WRT1900ACS v2Released 3/29/18:  firmware 2.0.1.186724
    WRT3200ACM 
    RE1000 v2Released 5/11/18:  firmware 2.0.04 (build 1)
    5/21/18RE2000 v1Released 5/11/18:  firmware 1.0.03 (build 1)
    10/19/17RE2000 v2Released 5/11/18:  firmware 2.0.01 (build 5)
    5/10/18RE3000W v1Released 5/4/18:  firmware 1.0.01.001
    10/19/17RE3000W v2Released 3/13/18:  firmware 2.0.03.002
    RE4000WReleased 5/11/18:  firmware 1.0.01.001
    RE4100W Released 3/13/18:  firmware 1.0.03.002
    RE6250 Released 5/4/18:  firmware 1.0.01.006
    RE6300Released 2/6/18:  firmware 1.2.03.004
    RE6350Released 5/4/18:  firmware 1.0.01.006
    RE6400Released 2/6/18:  firmware 1.2.03.004
    RE6500 
    RE6700Released 2/6/18:  firmware 1.2.03.004
    RE6800Released 12/13/17:  firmware 1.1.02.004
    RE7000 Released 12/13/17:  firmware 1.1.02.004
    RE9000Released 12/20/17:  firmware 1.0.01.010
    WAP300NReleased 5/2/18:  firmware 1.0.06.001
    WAP1200AC 
    WAPT1200AC 
    WAP750AC 
    11/27/17WUSB6100MReleased 2/27/18:  driver 11.1.0.268 for Windows® 7 and 10, and 11.1.0.275 for Windows 8.1
    WUSB6300 
    WUSB6400M 
    Belkin10/19/17
    F7D7501
     
    F9K1015 
    F9K1111 
    F9K1122 
    F9K1126 
    F9K1127 
    Wemo10/19/17Wemo SwitchReleased 2/6/18:  firmware 2.00.11054
    Wemo Motion Sensor
    Wemo Light Switch
    Wemo Link
    Wemo Insight
    Wemo DimmerReleased 2/6/18:  firmware 2.00.11036
    Wemo Mini
    Wemo Slow Cooker 
    Wemo Humidifier
    Wemo Coffee Maker
    Wemo Heater
    Wemo Netcam HD+
    Wemo Netcam Night Vision


    Reaper Botnet Vulnerability on E-Series Routers (Date: 10/31/17)

    The Reaper Botnet has integrated a new exploit for routers.  For the Linksys E2500 v1, v2 and v3, these devices were patched for the Reaper Botnet vulnerability.  You may check the latest release notes here.  We continue to monitor its progress and update our products with the necessary firmware.

    It is recommended that users regularly check our security advisory page for updates regarding new vulnerabilities, especially for the Linksys E-Series routers.  It is also highly encouraged that Linksys Smart Wi-Fi Router users turn ON auto updates for their devices.


    Reaper Botnet Vulnerability (Date: 10/25/17)

    Linksys is aware of the recent Reaper Botnet vulnerability.  Only two of Linksys routers (E1500 and E2500) are currently impacted by this vulnerability.  Firmware that addresses the current vulnerabilities can be found on our product site.  Customers are highly encouraged to update their routers and can find instructions how to do that here.   

     
    Linksys is also aware that this type of botnet can actively update itself with more vulnerabilities and we will continue to monitor its progress and plan to update our products with necessary firmware that fit within our support window.

     



    KRACK Advisory (Date: 10/19/17)
     
    Overview:
    An exploit vulnerability called KRACK (which stands for Key Reinstallation Attack) was identified by a researcher regarding a flaw in the Wi-Fi Protected Access
    ® 2 (WPA2™) protocol that helps secure products on a protected Wi-Fi network.  The WPA2 protocol is ubiquitous in Wi-Fi networking.  The vulnerability described is in the standard itself, rather than just being present in certain companies’ products.  Thru this exploit, a series of vulnerabilities were found including a local access vulnerability (hackers need to be within range of a user’s Wi-Fi network) that is known to exploit a flaw in the four-way handshake process between a user's device and a Wi-Fi network.  It potentially allows an attacker unauthorized access to the user’s protected Wi-Fi network without the password.  More details about the vulnerabilities can found at the ICASI site here.
     
    Company Statement: 10/16/17
    Belkin International, (Belkin, Linksys and Wemo) is aware of the WPA2 vulnerability.  Our security team is verifying the details and we will advise accordingly.  Also know that we are committed to putting the customer first and are planning to post instructions on our security advisory page on what customers can do to update their products, if and when required.
     
    Solution:
    Until a firmware is available, we recommend customers use WPA2-Personal or Enterprise with AES as the wireless encryption type and stop using WPA2/WPA™ Mixed Mode with TKIP or AES* to reduce the impact of this vulnerability.  Although WPA2-Personal or Enterprise does not prevent the attack, it makes the attack more difficult to execute effectively.  To learn how to change your WPA security settings, click here.
     
    When firmware is available, customers should know that all Linksys devices that offer automatic firmware updates which include all Linksys Smart Wi-Fi routers (Velop, Max-Stream™, WRT, and EA series product lines) and some Linksys range extenders (RE6250, RE6300 RE6350, RE6400, RE6700, RE6800, RE7000, RE9000) will update to the latest firmware offering a fix to these vulnerabilities when it is available unless the customer has specifically opted out from this service.  Customers that opted out of automatic firmware updates and customers of adapters, bridges, range extenders that do not support automatic firmware updates can download the firmware when it is available from http://www.linksys.com/support
    or http://www.belkin.com/support.
     
    For Wemo devices, the mobile applications will notify the users on the availability of new firmware and will prompt the users to initiate the firmware update.
     
    If users are not able to perform a firmware update or receive an error message during the update, please contact Belkin, Linksys or Wemo customer support for further instructions. 
     
    Confirmed Affected Products:
    We are still confirming all products affected, including Belkin Routers and Range Extenders, Linksys Routers, Adapters, Access Points, Bridges and Range Extenders, and Wemo Products.  As mentioned, when the firmware is available, it will be posted to the associated brands’ support page.
     
    VulnerabilityProducts Possibly Affected
    • CVE-2017-13077:  Reinstallation of pairwise key in four-way handshake
    • CVE-2017-13078:  Reinstallation of group key in four-way handshake
    • CVE-2017-13079:  Reinstallation of the integrity group key in four-way handshake
    • CVE-2017-13080:  Reinstallation of the group key in the group key handshake
    • CVE-2017-13081  Reinstallation of the integrity group key in the group key handshake
    • CVE-2017-13087:  Reinstallation of the group key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame
    • CVE-2017-13088:  Reinstallation of the integrity group key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame
    Linksys Products
    • EA6900 v2 (When used as a wireless repeater or wireless bridge, not affected if used as a wireless router)
    • EA7300 (When used as a wireless repeater or wireless bridge, not affected if used as a wireless router)
    • EA7400 (When used as a wireless repeater or wireless bridge, not affected if used as a wireless router)
    • EA7500 v1 (When used as a wireless repeater or wireless bridge, not affected if used as a wireless router)
    • EA7500 v2 (When used as a wireless repeater or wireless bridge, not affected if used as a wireless router)
    • EA8300 (When used as a wireless repeater or wireless bridge, not affected if used as a wireless router)
    • EA8500 (When used as a wireless repeater or wireless bridge, not affected if used as a wireless router)
    • LAPN300 (When WDS or workgroup bridge is enabled)
    • LAPN600 (When WDS or workgroup bridge is enabled)
    • LAPAC1200 (When WDS or workgroup bridge is enabled)
    • LAPAC1750 (When WDS or workgroup bridge is enabled)
    • LAPAC1750PRO (When WDS or workgroup bridge is enabled)
    • LAPAC2600 (When WDS or workgroup bridge is enabled)
    • WRT1200AC (When used as a wireless repeater or wireless bridge, not affected if used as a wireless router)
    • WRT1900AC v1 (When used as a wireless repeater or wireless bridge, not affected if used as a wireless router)
    • WRT1900AC v2 (When used as a wireless repeater or wireless bridge, not affected if used as a wireless router)
    • WRT1900ACS (When used as a wireless repeater or wireless bridge, not affected if used as a wireless router)
    • WRT3200ACM (When used as a wireless repeater or wireless bridge, not affected if used as a wireless router)
    • RE1000 v2
    • RE2000 v2
    • RE3000 v2
    • RE4000
    • RE4100W
    • RE6250
    • RE6300
    • RE6350
    • RE6400
    • RE6500
    • RE6700
    • RE6800
    • RE7000
    • RE9000
    • WAP1200AC (When used as a wireless repeater or wireless bridge, not affected if used as a wireless AP)
    • WAPT1200AC (When used as a wireless repeater or wireless bridge, not affected if used as a wireless AP)
    • WAP750AC (When used as a wireless repeater or wireless bridge, not affected if used as a wireless AP)
    Belkin Products
    • F7D7501
    • F9K1015
    • F9K1111
    • F9K1122
    • F9K1126
    • F9K1127
    Wemo Products
    • Wemo Switch
    • Wemo Motion
    • Wemo Insight
    • Wemo Light Switch
    • Wemo Dimmer
    • Wemo Switch Mini
    • Wemo Link
    • Wemo Slow Cooker
    • Wemo Humidifier
    • Wemo Coffee Maker
    • Wemo Heater
    • Wemo Netcam HD+
    • Wemo Netcam
    • CVE-2017-13082:  Accepting retransmitted Fast BSS Transition Reassociation Request and reinstalling pairwise key while processing it




     
    Linksys Products
    • EA7400
    • EA7500
    • EA8300
    • EA8500
    • LAPAC2600
    • WHW03XX
    • RE7000
    • RE9000
    • CVE-2017-13084:  Reinstallation of the STK key in PeerKey handshake
    • CVE-2017-13086:  Reinstallation of the Tunneled Direct Link Setup (TDLS) PeerKey (TPK) key in the TDLS handshake
    Belkin Product
    • F7D7501
     
     
    * The reason for this is because WPA2/WPA mixed mode allows the use of TKIP which will enable attackers to forge packets.  WPA2 only allows the use of AES which prevents the forging of packets and at the same time, makes decryption of packets more difficult (although not impossible).

     

    IOACTIVE (Date: 4/20/17)

    Overview:

    Linksys was recently notified of some vulnerabilities in our Linksys Smart Wi-Fi series of routers.  As we work towards publishing firmware updates, as a temporary fix, we recommend that customers using Guest Networks on any of the affected products below temporarily disable this feature to avoid any attempts at malicious activity.

    Description

    IOActive
    (www.ioactive.com), a global cybersecurity consultancy, responsibly disclosed to Linksys that they had discovered vulnerabilities affecting multiple Linksys routers.  The Linksys Security team has been working with IOActive to confirm and resolve all reported issues.  We will be releasing firmware updates for all affected devices.  In order for your device to receive the update as soon as it is available, please make sure you have automatic updates enabled.  For instructions, click here.

    Solution:

    We are working to provide a firmware update for all affected devices.  While we are building and testing the fixes, we recommend performing the following steps:

    1.  Enable Automatic Updates.  Linksys Smart Wi-Fi devices include a feature to automatically update the firmware when new versions are available.

    How to automatically update the firmware of the Linksys Smart Wi-Fi Routers

    2.  Disable Guest Wi-Fi if not in use.

    How to manage the Guest Access Feature using the Linksys cloud account

    3.  Change the default Administrator password.

    How to check and update the Router Password using your Linksys cloud account

    Affected Products

    After thoroughly testing each device for the presence of the known vulnerabilities, we’ve identified the following devices.
     
    WRT Series
    WRT1200AC v1 - Update available
    WRT1200AC v2 - Update available
    WRT1900AC v1 - Update available
    WRT1900AC v2

    WRT1900ACS v1 - Update available
    WRT1900ACS v2 - Update available
    WRT3200ACM - Update available

    EA Series
    EA2700
    EA2750
    EA3500

    EA4500 v3 - Update available
    EA6100 - Update available
    EA6200
    EA6300
    EA6350 v2

    EA6350 v3 - Update available
    EA6400
    EA6500
    EA6700

    EA6900 v2 - Update available
    EA7300
    EA7400 - Update available
    EA7500 v1 - Update available
    EA7500 v2 - Update available
    EA8300 - Update available
    EA8500 - Update available
    EA9200

    EA9400 - Update available
    EA9500 - Update available

    Was this support article useful?

    Additional Support Questions?

    Search Again

    CONTACT SUPPORT