A new critical vulnerability has been discovered that is affecting Linksys home routers

Linksys wireless users forced to reset their passwords after a researcher discovered a critical software vulnerability in March 2020.

Linksys routers are being targeted in a cyber attack that changes the router config. The config change redirects the user to a coronavirus website that downloads malware.

Attackers are exploiting a vulnerability in the Linksys Home Smart Wi-Fi application.  The Linksys Home Smart Wi-Fi application is a password-protected webpage that allows customers to easily manage their Wi-Fi and router settings. Attackers can gain access to the Linksys Smart Wi-Fi account with credential-stuffing attack.

Once an attacker has gained access to the router, the attacker can change the DNS routing function so victims would be redirected to any malicious website of the attackers choosing.

 

Linksys is notifying customers over the flaw and forcing customers to reset their router passwords.