So a friend of mine is using a higher-end Linksys Wireless Router that is on the list of routers with these vulnerabilities. Sophos sums up the three main risks as follows: "...The flaws could allow attackers to: Cause a Denial of Service (DoS) by sending requests to an unamed API. Admins would be locked out until the attack stopped. Use CGI web server scripts to reveal connected devices and computers, dump the WPS Wi-Fi PIN code, and list firmware version and configuration settings. Create a hidden “backdoor” account with root privileges and the ability to run commands. The third flaw requires an attacker to log in first,..." https://nakedsecurity.sophos.com/2017/04/21/multiple-security-holes-discovered-in-linksys-routers/ He wants to know if he should buy a cheapo, but adequate, router until a patch is issued. What would you advise him? Does "dump the WPS Wi-Fi PIN code" mean that a someone could hijack onto his bandwith? Is it as easy to brute force a router's administrator's PW as it is to brute force any type of PW?
It's probably sufficient at this point. Just because vulnerabilities exist, it doesn't mean you will be attacked immediately if ever.
