Some versions of a popular Wi-Fi router sold under the Linksys brand expose users to a variety of exploits that allow remote attackers to take full control of the devices, a security expert said. The most severe of the vulnerabilities in the “classic firmware” for the Linksys EA2700 Network Manager is a cross-site request forgery weakness in the browser-based administration panel, according to Phil Purviance, an information security specialist at AppSec Consulting. He said routers running the software also don’t require the current password to be entered when the passcode is changed. By exploiting the two weaknesses together, attackers can take full control of the router by luring anyone connected to it to a booby-trapped website. Malicious JavaScript in the end-user’s browser resets the password and turns on remote management capabilities.