An easily exploitable software vulnerability in a common home networking router by Linksys Group Inc. could expose thousands of home users to denial of service attacks, according to a security advisory issued by iDefense Inc., a software security company.
Linksys, based in Irvine, California, could not immediately be reached for comment.
Linksys is one of a number of companies that sell low-priced network gear to SOHO (small office/home office) customers. The product, the Linksys BEFSR41 EtherFast Cable/DSL router, is a low-cost router that allows two or more computers to share an ethernet or broadband Internet connection.
A security hole in some versions of the software -- called "firmware" -- used by the router could allow a remote user to crash the device, interrupting Internet service for any computers attached to it, according to iDefense.
To cause a crash, an attacker only needs to enter the URL (uniform resource locator) for a CGI (Common Gateway Interface) script used to configure and manage the router without providing any "arguments" (input for the script to process), according to iDefense.