• Light/Dark
  • Ever wanted an RSS feed of all your favorite gaming news sites? Go check out our new Gaming Headlines feed! Read more about it here.
  • We have made minor adjustments to how the search bar works on ResetEra. You can read about the changes here.

Linksys "smart" Wi-Fi routers leaking records of every device ever connected because, why not?

Syriel

Syriel

Banned
Dec 13, 2017
11,088
Nasty little bug.

How can the vulnerability be exploited?
  1. Go to the Linksys Smart Wi-Fi router's public IP address in your web browser
  2. Open the developer console (F12 key) and go to the Network tab
  3. Scroll down to JNAP (there's multiple) and click to open it
Click to expand...
Click to shrink...

How many Linksys Smart Wi-Fi routers are vulnerable?

Using data provided by BinaryEdge, our scans have found 25,617 Linksys Smart Wi-Fi routers are currently leaking sensitive information to the public internet, including:
  1. MAC address of every device that's ever connected to it (full historical record, not just active devices)
  2. Device name (such as "TROY-PC" or "Mat's MacBook Pro")
  3. Operating system (such as "Windows 7" or "Android")
In some cases additional metadata is logged such as device type, manufacturer, model number, and description
Click to expand...
Click to shrink...

https://badpackets.net/over-25000-l...ble-to-sensitive-information-disclosure-flaw/

Linksys claims it is fixed. Security researchers disagree, so they went public when Linksys closed the report as NA.

https://arstechnica.com/information...storic-record-of-every-device-ever-connected/
 
OP
OP
Syriel

Syriel

Banned
Dec 13, 2017
11,088
On the upside, if you use a third party firmware, it's not an issue.

Hopefully news of the disclosure allows people to be aware/mitigate.
 
You must log in or register to reply here.