Some Linksys network appliances expose a remote administration and configuration interface over HTTP, reachable from the local network or, if remote access is enabled, from any host across the internet.
The implementation of the embedded HTTP server contains several exploitable vulnerabilities: some allow an unauthorised user to gain control of the appliance, some let an attacker reboot it, and some are of unknown severity.
Linksys has posted firmware updates for the following affected products:
- Linksys BEFSR41 / BEFSR11 / BEFSRU31. Firmware v. 1.44
- Linksys BEFSR81. Firmware v. 2.44
- Linksys BEFVP41. Firmware v. 1.40.4
- Linksys BEFSX41. Firmware v. 1.44
- Linksys BEFW11S4 ver2. Firmware v. 1.44