Linksys router hole could crash network

An exploit has surfaced that could allow an attacker to monitor traffic from some Linksys Group routers or crash the devices.

An exploit has surfaced that could allow an attacker to monitor traffic from some Linksys Group routers or crash the devices.

The exploit was published by security alert service SecuriTeam.com and Linksys has yet to release a fix for the issue, according to researchers.

The exploit has been confirmed on BEFSR41 and BEFW11S4 routers, commonly used by small and medium-sized businesses as a broadband gateway, but may affect any Linksys router with a DHCP server.

A later version of the BEFSR41 is not vulnerable, according to Danish security firm Secunia. The device is available in several versions; versions 1 and 2 use firmware that has not been updated for a year, while version 3 is more up to date - any firmware after version 1.05.00 fixes the problem, Secunia said.

The problem lies with the way the DHCP server handles BOOTP requests.

The server responds with BOOTP fields filled with portions of memory; if the router has experienced recent activity, that activity will be recorded in the BOOTP fields. If enough BOOTP packets are sent, the router stops routing packets and must be rebooted to recover. The exploit can only retrieve recent traffic.

Secunia said that in most cases the vulnerability could only be exploited by users on the local network if the router is properly configured.

"DHCP traffic should be restricted to a local network only," said Secunia researcher Carsten Eiram. "Accepting DHCP traffic from the internet and other untrusted networks is a potential security issue in itself."

However, it was noted that Linksys routers attached to a wireless network are likely to be more at risk.

Matthew Broersma writes for TechWorld.com

Read more on IT risk management

SearchCIO
SearchSecurity
SearchNetworking
SearchDataCenter
SearchDataManagement
Close