A high-severity vulnerability has been identified in multiple Linksys Wi-Fi extender products, earning a CVSS score of 8.8. This flaw could allow an unauthenticated remote attacker to take complete control of an affected device. Successful exploitation could lead to network traffic interception, unauthorized access to the internal network, and disruption of service.

The vulnerability is a critical weakness in the web-based management interface of the affected Linksys devices. An unauthenticated attacker on the same network segment can send a specially crafted HTTP request to the device, triggering a remote code execution condition. This would allow the attacker to execute arbitrary commands on the underlying operating system with the highest level of privileges, leading to a full compromise of the device.

This vulnerability presents a High severity with a CVSS score of 8.8. Exploitation could have significant consequences for the organization, as the affected Wi-Fi extenders are trusted devices within the network perimeter. A successful attack could lead to a complete loss of confidentiality, integrity, and availability of the device and the network traffic it handles. Specific risks include interception of sensitive data (e.g., credentials, financial information), using the compromised device as a pivot point to attack other internal systems, disrupting network connectivity, and enrolling the device into a botnet for use in larger attacks.

Immediate Action: Apply the security updates released by Linksys to all affected devices immediately. Prioritize patching for devices that are accessible from less trusted network segments. After patching, monitor for any signs of exploitation attempts that may have occurred prior to the update and review system and access logs for any unauthorized activity.

Proactive Monitoring: Implement enhanced monitoring of network traffic to and from affected devices. Specifically, look for unusual inbound connection attempts to the device's management interface, unexpected outbound connections initiated from the device, and anomalies in DNS requests. System logs should be monitored for unexpected reboots, configuration changes, or error messages.

Compensating Controls: If immediate patching is not feasible, implement the following controls to reduce the risk of exploitation:

• Ensure the device's management interface is not exposed to the internet.
• Use network segmentation to isolate the Wi-Fi extenders from critical servers and workstations.
• Implement access control lists (ACLs) on network infrastructure to restrict access to the management interface to only authorized administrative personnel and systems.

Public Exploit Available: false

Due to the high severity score of 8.8, which indicates a critical risk of unauthenticated remote code execution, immediate patching is the highest priority. This vulnerability allows an attacker to gain a significant foothold within the network perimeter. Although this vulnerability is not currently listed on the CISA Known Exploited Vulnerabilities (KEV) catalog, its high impact and low attack complexity make it a prime candidate for future inclusion. Organizations must act proactively to apply the vendor-provided patches across all affected Linksys devices to prevent potential compromise.