META NAME="Keywords" CONTENT="Popular, Small, Office, Router, Has, Security, Hole, cyber-crime, cybercrime, computer crime">
A software security company is warning of a security hole in a router by Linksys Group commonly used in small offices, home offices and home networks.
The Linksys 4-Port Cable/DSL Router (BEFSR41) can be crashed by a remote user by entering a specially-designed URL to address the router, said the company, iDefense. In most cases, the attacker would need to be on a computer connected to the router, but the attack can be executed remotely if the remote management feature of the router is enabled.
Linksys said remote administration is switched off by default. For the system to be vulnerable, the user needs to switch on remote administration, and the password needs to be known to the intruder-either because the administrator of the router gave out the password, or because the password was never switched from factory default.
"Linksys encourages its router users to upgrade BEFSR41 router firmware to 1.42.7 or later, and to disable 'Remote Administration' whenever the feature is not being used," the company said in a written statement.
The vulnerability applies to routers using a firmware version older than 1.42.7; iDefense recommends users upgrade to a later version. The upgrade is available Other Linksys models, including the BEFSR11 and BEFSRU31, might also be affected, iDefense said.