Linksys is aware of the vulnerability in some E-Series routers and is working on a fix, said Mike Duin, a spokesman for Linksys owner Belkin, in an email Friday.
Ullrich outlined several mitigation strategies in comments to his blog post. First of all, routers that are not configured for remote administration are not directly exposed to this attack. If a router needs to be administered remotely, restricting access to the administrative interface by IP address will help reduce the risk, Ullrich said. Changing the port of the interface to something other than 80 or 8080, will also prevent this particular attack, he said.
Sign up for Computerworld eNewsletters.