Home » News » General » Over 25,000 Linksys routers are leaking device data: Report

Over 25,000 Linksys routers are leaking device data: Report

By Vignesh Giridharan | Updated on 20-May-2019
Over 25,000 Linksys routers are leaking device data: Report
Vignesh Giridharan Vignesh Giridharan
20-May-2019
HIGHLIGHTS

Over 25,000 Linksys Smart Wi-Fi routers are currently leaking device details because of a security vulnerability.

Linksys doesn't seem to think it's a problem but it can let attackers see details like the device name and MAC address of connected devices.

Over twenty-five thousand Smart Wi-Fi routers made by American networking hardware company Linksys are leaking details of devices connected to it, says a recent report by Bad Packets Report. The affected routers could have apparently been facing a security vulnerability since as early as 2014. If the vulnerability is exploited, an attacker could gain unauthenticated remote access to sensitive information on connected devices through the affected routers.

According to the recently published report by Troy Mursch, the affected routers—which number 25,617 in total—are currently exposing the following details to a potential attacker: MAC address of every device connected to them (full historical record), device name, and its operating system. “Other sensitive information about the router such as the WAN settings, firewall status, firmware update settings, and DDNS settings are also leaked publicly,” writes Mursch. Following are the affected Linksys Smart Wi-Fi routers:

In the security report, the author explains how to go about exploiting the vulnerability. The author also talks about the risks of such a leak. “If a device’s name includes the full name of the owner, this flaw allows attackers to determine the identity of owner and geolocate them via the Linksys Smart Wi-Fi router’s public IP address,” adds Mursch. The vulnerability makes the routers prone to targeted attacks by cybercriminals on home and business networks alike.

Mursch also goes on to say that the vulnerability in these Linksys routers lets an unauthenticated attacker know which routers are still on their default login password (like, “admin”) without even logging in. According to the report, Linksys’ response to the vulnerability report sent to the company was “Not applicable/Won’t fix”. About half of these affected routers have automatic firmware updates enabled, so if Linksys does realise the problem in the future and patches it, a part of the problem will be solved automatically without any user intervention.

Inline image courtesy: Bad Packets Report

Vignesh Giridharan

Vignesh Giridharan

Progressively identifies more with the term ‘legacy device’ as time marches on. View Full Profile

New Mobiles
iQOO Z9s 5GTecno Pova 6 NeoHonor 200 Literealme NARZO 70 Turbo 5G
Top-10s
Best OnePlus Mobile Phones in IndiaBest Motorola Smartphones in IndiaBest Gaming Phones under ₹10,000 in IndiaBest Quad Camera Mobile Phones in India
Latest News
Amazon Great Indian Festival 2024: Sale date, offers and more revealedBest Xiaomi smartphones under ₹15,000: September 2024Intel India Leaders on the AI PC Revolution: “The Tipping Point Is Now”Did Earth ever have rings like Saturn? Study links asteroid breakup to climate change
Digit

Digit.in is one of the most trusted and popular technology media portals in India. At Digit it is our goal to help Indian technology users decide what tech products they should buy. We do this by testing thousands of products in our two test labs in Noida and Mumbai, to arrive at indepth and unbiased buying advice for millions of Indians.

Follow us : logo logo logo logo logo logo
Company About Us Contact Us Advertise with us Regulatory Terms & Conditions Privacy Policy Disclaimer Complaint Redressal
Copyright © 2024 Bennett, Coleman & Company Limited All Rights Reserved.
Digit.in
Logo
Digit.in
Logo