Loading....

Remote Zero-Day Exploit In Linksys WRT54G Routers

Remote Zero-Day Exploit In Linksys WRT54G Routers

Linksys WRT54GLBack in the day, the WRT54G used to be the router.  That hasn’t been the case for years though.  A lot of “techs” who read, but don’t actually practice, tend to sing the praises of the WRT54G as though it were the holy grail of routers.  What they don’t know is, the router they evangelizing, isn’t the hardware it once was.

Before I go on, I’ll wait while those of you interested in the technical details, go and read this first:

http://nerdvent.net/2012/07/12/stop-telling-people-to-buy-wrt54gs/

Ok, everyone back?  Good, let’s continue.

First of all, the Linksys WRT54G simply is not the class of router a small business should have in place.  Anyone recommending it is bringing their personal home setup, into the wrong arena.  And don’t try to start the conversation about, “You can flash the router and install DD-WRT.”  Tell that to a consignment store owner and let him/her know you’re going to personally maintain it for life.

Now there are even bigger problems with the Linksys WRT54G.  There’s a remote zero-day exploit for the router, allowing an attacker to remotely connect to and obtain root (i.e. full admin access) over your router, all its files, settings, etc.

Remote Zero-Day Exploit for Linksys WRT54G
Remote Zero-Day Exploit for Linksys WRT54G | (Image Source: DefenseCode)

According to the team who discovered the exploit, and despite Linksys saying they’ve patched it…

The latest official Linksys firmware – 4.30.14 and all previous versions are still vulnerable.

So what started as a blog post about how the Linksys WRT54G simply isn’t the router “kids” think it is, has now become much more serious.  Apparently a fix is on the way but this will most-likely require users to download and flash a new firmware update.

ESET Nod32 Version 6 Released Today

ESET Nod32 Version 6

ESET Nod32 Version 6 was released today.  By default, ESET Nod32 does not check for and install new program updates automatically.  For any clients on our Monthly Support Plan or any clients who have purchased consignment workstations or database servers from The Computer Peeps and as per PCI DSS, this is one of the many adjustments we make to properly secure your system.  Your systems will update automatically.

To manually check for program updates, visit the Updates tab of ESET and then click the Check button.  ESET will check for the latest update…

ESET Manually Check for Updates
ESET Manually Check for Updates

[hr]

[info_box style=”notice”]Tip: Setup > Enter Advanced Setup > Update > Advanced Update Setup > Setup to enable the Regularly check for latest product version option, as well as the ‘Always update program components’ option.[/info_box]

[hr]

Once ESET has checked and found the latest update, click Install

ESET Nod32 Install Update
ESET Nod32 Install Update

ESET will require a reboot once this update has been installed…

ESET Restart Recommended
ESET Restart Recommended

The new version is for the most part, the same as version 5 and is not a complete departure.  That being said, ESET has added handy new features and optimized program performance even more than before.

They’ve added a new Social Media Scanner, which we highly recommend enabling and installing.

ESET Social Media Scanner
ESET Social Media Scanner

You’ll be prompted to install ESET’s Facebook app…

ESET Facebook App
ESET Facebook App

This new extension of ESET, protects your Facebook page by scanning for malicious posts, links, and messages.  It can even alert your friends, if they have malicious content on their Facebook walls.

ESET Facebook App Scan
ESET Facebook App Scan

The settings available cover options such as email notifications and whether or not the ESET app should ‘reply’ to posts from infected/malicious posters…

ESET Facebook App Settings
ESET Facebook App Settings

Overall, this has been a smooth update thus far.  Make sure your antivirus is updating automatically, but as always, make sure you’re taking all the precautions to manage your systems – e.g. file backups, system images, database backups, etc.

For clients on our new System Monitoring & Patch Management Service, we’ll be alerted as each system automatically updates to the latest version of ESET and we will be checking on each and every system…

Peeps' System Monitor ESET Nod32 Installation Alert
Peeps’ System Monitor ESET Nod32 Installation Alert

If you have any questions or comments, feel free to post below!

Back To Top