text.skipToContent text.skipToNavigation

Linksys Security Advisories


Reaper Botnet Vulnerability on E-Series Routers (10/31/2017)
Reaper Botnet Vulnerability (10/25/2017)
KRACK Advisory (10/19/2017)
IOACTIVE (4/20/2017)

 

Reaper Botnet Vulnerability on E-Series Routers
Advisory Date:  10/31/17

The Reaper Botnet has integrated a new exploit for routers.  For the Linksys E2500 v1, v2 and v3, these devices were patched for the Reaper Botnet vulnerability.  You may check the latest release notes here.  We continue to monitor its progress and update our products with the necessary firmware.

It is recommended that users regularly check our security advisory page for updates regarding new vulnerabilities, especially for the Linksys E-Series routers.  It is also highly encouraged that Linksys Smart Wi-Fi Router users turn ON auto updates for their devices.
 

Reaper Botnet Vulnerability
Advisory Date:  10/25/17

Linksys is aware of the recent Reaper Botnet vulnerability.  Only two of Linksys routers (E1500 and E2500) are currently impacted by this vulnerability.  Firmware that addresses the current vulnerabilities can be found on our product site.  Customers are highly encouraged to update their routers and can find instructions how to do that here.   

 
Linksys is also aware that this type of botnet can actively update itself with more vulnerabilities and we will continue to monitor its progress and plan to update our products with necessary firmware that fit within our support window.

 



KRACK Advisory
Advisory Date:  10/19/17
 
Overview
An exploit vulnerability called KRACK (which stands for Key Reinstallation Attack) was identified by a researcher regarding a flaw in the Wi-Fi Protected Access 2 (WPA2) protocol that helps secure products on a protected Wi-Fi network. The WPA2 protocol is ubiquitous in Wi-Fi networking. The vulnerability described is in the standard itself, rather than just being present in certain companies’ products.  Thru this exploit, a series of vulnerabilities were found including a local access vulnerability (hackers need to be within range of a user’s Wi-Fi network) that is known to exploit a flaw in the four-way handshake process between a user's device and a Wi-Fi network. It potentially allows an attacker unauthorized access to the user’s protected Wi-Fi network without the password. More details about the vulnerabilities can found at the ICASI site here.
 
Company Statement: 10/16/17
Belkin International, (Belkin, Linksys and Wemo) is aware of the WPA2 vulnerability. Our security team is verifying the details and we will advise accordingly.  Also know that we are committed to putting the customer first and are planning to post instructions on our security advisory page on what customers can do to update their products, if and when required.
 
Solution
Until a firmware is available, we recommend customers use WPA2-Personal or Enterprise with AES as the wireless encryption type and stop using WPA2/WPA Mixed Mode with TKIP or AES* to reduce the impact of this vulnerability.  Although WPA2-Personal or Enterprise does not prevent the attack, it makes the attack more difficult to execute effectively.  To learn how to change your WPA security settings, click here.
 
When firmware is available, customers should know that all Linksys devices that offer automatic firmware updates which include all Smart Wi-Fi routers (Velop, MaxStream, WRT, and EA series product lines) and some extenders (RE6250, RE6300 RE6350, RE 6400, RE6700, RE6800, RE7000, RE9000) will update to the latest firmware offering a fix to these vulnerabilities when it is available unless the customer has specifically opted out from this service.  Customers that opted out of automatic firmware updates and customers of adapters, bridges, range extenders that do not support automatic firmware updates can download the firmware when it is available from http://www.belkin.com/us/support or http://www.linksys.com/us/support/.
 
For Wemo devices, the mobile applications will notify the users on the availability of new firmware and will prompt the users to initiate the firmware update.
 
If users are not able to perform a firmware update or receive an error message during the update, please contact Belkin, Linksys or Wemo customer support for further instructions. 
 
Confirmed Affected Products:
 
We are still confirming all product skus affected, including Belkin Routers and Range Extenders, Linksys Routers, Adapters, Access Points, Bridges and Range Extenders and Wemo Products.  As mentioned, when firmware is available, it will be posted to the associated brands’ support page.
 
 
VulnerabilityProducts Possibly Affected
  • CVE-2017-13077: Reinstallation of pairwise key in 4-way handshake
  • CVE-2017-13078: Reinstallation of group key in 4-way handshake
  • CVE-2017-13079: Reinstallation of the integrity group key in 4-way handshake
  • CVE-2017-13080: Reinstallation of the group key in the group key handshake
  • CVE-2017-13081  Reinstallation of the integrity group key in the group key handshake
  • CVE-2017-13087: Reinstallation of the group key (GTK) when processing a Wireleess Network Management (WNM) Sleep Mode Response frame
  • CVE-2017-13088: Reinstallation of the integrity group key (IGTK) when processing a Wireless Network Management (WNM) Seep Mode Response frame
Linksys Products
  • EA6900 v2 (When used as a wireless repeater or wireless bridge, not affected if used as a wireless router)
  • EA7300 (When used as a wireless repeater or wireless bridge, not affected if used as a wireless router)
  • EA7400 (When used as a wireless repeater or wireless bridge, not affected if used as a wireless router)
  • EA7500 (When used as a wireless repeater or wireless bridge, not affected if used as a wireless router)
  • EA7500 v2 (When used as a wireless repeater or wireless bridge, not affected if used as a wireless router)
  • EA8300 (When used as a wireless repeater or wireless bridge, not affected if used as a wireless router)
  • EA8500 (When used as a wireless repeater or wireless bridge, not affected if used as a wireless router)
  • LAPN300 (When WDS or workgroup bridge is enabled)
  • LAPN600 (When WDS or workgroup bridge is enabled)
  • LAPAC1200 (When WDS or workgroup bridge is enabled)
  • LAPAC1750 (When WDS or workgroup bridge is enabled)
  • LAPAC1750PRO (When WDS or workgroup bridge is enabled)
  • LAPAC2600 (When WDS or workgroup bridge is enabled)
  • WRT1200AC (When used as a wireless repeater or wireless bridge, not affected if used as a wireless router)
  • WRT1900AC (When used as a wireless repeater or wireless bridge, not affected if used as a wireless router)
  • WRT1900AC v2 (When used as a wireless repeater or wireless bridge, not affected if used as a wireless router)
  • WRT1900ACS (When used as a wireless repeater or wireless bridge, not affected if used as a wireless router)
  • WRT3200ACM (When used as a wireless repeater or wireless bridge, not affected if used as a wireless router)
  • RE1000 v2
  • RE2000 v2
  • RE3000 v2
  • RE4000
  • RE4100W
  • RE6250
  • RE6300
  • RE6350
  • RE6400
  • RE6500
  • RE6700
  • RE6800
  • RE7000
  • RE9000
  • WAP1200AC (When used as a wireless repeater or wireless bridge, not affected if used as a wireless AP)
  • WAPT1200AC (When used as a wireless repeater or wireless bridge, not affected if used as a wireless AP)
  • WAP750AC (When used as a wireless repeater or wireless bridge, not affected if used as a wireless AP)
  Belkin Products
  • F7D7501
  • F9K1015
  • F9K1111
  • F9K1122
  • F9K1126
  •  F9K1127
Wemo Products
  • Wemo Switch
  • Wemo Motion Sensor
  • Wemo Insight
  • Wemo Light Switch
  • Wemo Dimmer
  • Wemo Switch Mini
  • Wemo Link
  • Wemo Slow Cooker
  • Wemo Humidifier
  • Wemo Coffee Maker
  • Wemo Heater
  • Wemo Netcam HD+
  • Wemo Netcam Night Vision
  • CVE-2017-13082: Accepting retransmitted Fast BSS Transition Reassociation Request and reinstalling pairwise key while processing it





 
Linksys Products
  • EA7400
  • EA7500
  • EA8300
  • EA8500
  • LAPAC2600
  • WHW03
  • RE7000
  • RE9000
  • CVE-2017-13084: Reinstallation of the STK key in PeerKey handshake
  • CVE-2017-13086: Reinstallation of the Tunneled Direct-Link Setup (TDLS) PeerKey (TPK) key in the TDLS handshake
Belkin Products
  • F7D7501
 
 
 
* The reason for this is that WPA2/WPA mixed mode allows the use of TKIP which will enable attackers to forge packets.  WPA2 only allows the use of AES which prevents the forging of packets and at the same time, makes decryption of packets more difficult (although not impossible).
 
IOACTIVE
Advisory Date: 
April 20, 2017

Overview

Linksys was recently notified of some vulnerabilities in our Linksys Smart Wi-Fi series of routers.  As we work towards publishing firmware updates, as a temporary fix, we recommend that
customers using Guest Networks on any of the affected products below temporarily disable this feature
to avoid any attempts at malicious activity.

Description


IOActive (www.ioactive.com), a global cybersecurity consultancy, responsibly disclosed to Linksys that they had discovered vulnerabilities affecting multiple Linksys routers.  The Linksys Security team has been working with IOActive to confirm and resolve all reported issues.  We will
be releasing firmware updates for all affected devices.  In order for your device to receive the update as soon as it is available, please make sure you have automatic updates enabled.  For instructions, click here.

Solution

We are working to provide a firmware update for all affected devices.  While we are building
and
testing the fixes we recommend performing the following steps:

1.  Enable Automatic Updates.  Linksys Smart Wi-Fi devices include a feature to automatically update the firmware when new versions are available.
How to automatically update the firmware of the Linksys Smart Wi-Fi Routers
2.  Disable WiFi Guest Network if not in use.
How to manage the Guest Access Feature using the Linksys cloud account
3.  Change the default Administrator password.
How to check and update the Router Password using your Linksys cloud account

Affected Products

After thoroughly testing each device for the presence of the known vulnerabilities, we’ve
identified
the following devices.
 
WRT Series
WRT1200AC v1 - Update available
WRT1200AC v2 - Update available
WRT1900AC v1 - Update available
WRT1900AC v2
WRT1900ACS v1 - Update available
WRT1900ACS v2 - Update available
WRT3200ACM
- Update available

EAxxxx Series
EA2700
EA2750
EA3500
EA4500 v3 - Update available
EA6100 - Update available
EA6200
EA6300
EA6350 v2
EA6350 v3 - Update available
EA6400
EA6500
EA6700
EA6900 v2 - Update available
EA7300
EA7400 - Update available
EA7500 v1 - Update available
EA7500 v2 - Update available
EA8300 - Update available
EA8500 - Update available
EA9200
EA9400 - Update available
EA9500 - Update available

Was this support article useful?

Additional Support Questions?

Search Again

CONTACT SUPPORT