Thousands of Linksys routers have disclosed detailed device connection records


If you were looking for more proof that all of your connected devices were there for you, look no further than a new report from Bad Packets research director Troy Mursch, which revealed last week that dozens of Linksys Smart Wi-Fi routers are leaking full records of all devices that have ever connected to them. The information that can be unearthed by exploiting this flaw includes MAC addresses, device names, WAN settings, firewall status and even whether the router's default password has been changed.

With the help of the BinaryEdge cyber security team, Bad Packets was able to find 25,617 Linksys routers that were leaking sensitive information on the public Internet. As Mursch says, exploiting the flaw does not require authentication "and can be exploited by a remote attacker with little technical knowledge".

If you are wondering what hackers might do with the information they steal by exploiting this flaw, Mursch explains that a MAC address is a unique identifier for a networked device and can be used to track a device as it moves between networks. Additionally, if there is any identifying information in the device name (like the full name of the owner), a hacker could determine the identity of the device owner and geotag it with a public IP address.

In a strange twist, Linksys issued a statement regarding the security flaw, claiming not only that it was fixed with an update in 2014 (which Mursch specifically says is not the case), but also that the company was unable to replicate the exploit described by Mursch in his report. Here is the full statement:

Linksys responded to a vulnerability submission from Bad Packets on May 7, 2019 regarding a potential sensitive information disclosure vulnerability: CVE-2014-8244 (which was fixed in 2014). We quickly tested the router models reported by Bad Packets using the latest publicly available firmware (with default settings) and were unable to reproduce CVE-2014-8244; which means that it is not possible for a remote attacker to recover sensitive information via this technique. JNAP commands are only accessible to users connected to the router’s local network. We believe that the examples provided by Bad Packets are of routers that are using older versions of firmware or have manually disabled their firewalls. Customers are strongly encouraged to update their routers to the latest firmware available and to check their router’s security settings to ensure the firewall is enabled.

If you have any of the Linksys routers Mursch names in his report, you should first make sure your firmware is up to date, but you can also consider replacing it with a device that is not on the list.
