Technology
Technology

Over 25,000 Linksys routers leaking information on connected devices

Rappler.com

SUMMARY

This is AI generated summarization, which may have errors. For context, always refer to the full article.

Over 25,000 Linksys routers leaking information on connected devices
Linksys says the issue may be occurring on unpatched routers or those whose settings did not have a firewall enabled

MANILA, Philippines – More than 25,000 Linksys routers were found to have been leaking the full historical records of devices connected to them.

The information leaked includes unique identifiers for those devices, as well as their names and operating systems.

In a post on Bad Packets last Monday, May 13, researcher Troy Mursch added that the “sensitive information disclosure vulnerability requires no authentication and can be exploited by a remote attacker with little technical knowledge.”

The significance of the issue lies in the disclosure of information that people think isn’t supposed to be public. Hackers and other interested parties can use the information to help them track people whose devices were disclosed by the issue.

Linksys responds

Linksys responded on Tuesday, May 14, following Mursch’s post, saying the flaw was patched in 2014 as part of CVE-2014-8244.

Linksys said, “We quickly tested the router models flagged by Bad Packets using the latest publicly available firmware (with default settings) and have not been able to reproduce CVE-2014-8244; meaning that it is not possible for a remote attacker to retrieve sensitive information via this technique.”

The company added, “We believe that the examples provided by Bad Packets are routers that are either using older versions of firmware or have manually disabled their firewalls. Customers are highly encouraged to update their routers to the latest available firmware and check their router security settings to ensure the firewall is enabled.”

An Ars Technica report suggests the existence of the flaw until now would be due to people failing to apply the patch or the patch being ineffective in some cases.

Mursch has listed the full list of vulnerable devices here. Users may want to upgrade their router firmware and then check if the issue persists, following advice on the Bad Packets post linked above. If it does, it may be better to get a different router or to replace the firmware with one from a third party. – Rappler.com

Add a comment

Sort by

There are no comments yet. Add your comment to start the conversation.

Summarize this article with AI

How does this make you feel?

Loading
Download the Rappler App!