Nasty little bug.
https://badpackets.net/over-25000-l...ble-to-sensitive-information-disclosure-flaw/
Linksys claims it is fixed. Security researchers disagree, so they went public when Linksys closed the report as NA.
https://arstechnica.com/information...storic-record-of-every-device-ever-connected/
How can the vulnerability be exploited?
- Go to the Linksys Smart Wi-Fi router's public IP address in your web browser
- Open the developer console (F12 key) and go to the Network tab
- Scroll down to JNAP (there's multiple) and click to open it
How many Linksys Smart Wi-Fi routers are vulnerable?
Using data provided by BinaryEdge, our scans have found 25,617 Linksys Smart Wi-Fi routers are currently leaking sensitive information to the public internet, including:
In some cases additional metadata is logged such as device type, manufacturer, model number, and description
- MAC address of every device that's ever connected to it (full historical record, not just active devices)
- Device name (such as "TROY-PC" or "Mat's MacBook Pro")
- Operating system (such as "Windows 7" or "Android")
https://badpackets.net/over-25000-l...ble-to-sensitive-information-disclosure-flaw/
Linksys claims it is fixed. Security researchers disagree, so they went public when Linksys closed the report as NA.
https://arstechnica.com/information...storic-record-of-every-device-ever-connected/