25,000 Linksys Smart Wi-Fi routers exist sensitive information disclosure vulnerability
Serious vulnerabilities that have leaked large amounts of data since 2014 have been exposed, and Linksys routers that have not changed the default password can even help hackers physically locate devices and users in the real world. Researcher Troy Mursch claims that over 25,000 Linksys Smart Wi-Fi routers vulnerable to sensitive information disclosure flaw, which means that hackers can access important data. In the cyber threat intelligence company’s Bad Packets Report, sensitive information is leaking, although manufacturers are denying this.
Linksys was bought in 2013 by Belkin —and that firm was then bought by Foxconn in 2018 —and that firm says that its staff hasn’t been able to reproduce Mursch’s findings.
“We quickly tested the router models flagged by Bad Packets using the latest publicly available firmware (with default settings) and have not been able to reproduce [it],” said Linksys in an online security advisory, “meaning that it is not possible for a remote attacker to retrieve sensitive information via this technique.”
“While [this flaw] was supposedly patched for this issue, our findings have indicated otherwise,” says Bad Packets. “Upon contacting the Linksys security team, we were advised to report the vulnerability… After submitting our findings, the reviewing analyst determined the issue was ‘not applicable/won’t fix’ and subsequently closed.“
A complete list of affected Linksys router models has been reported on the Bad Packets site.
