Vulnerability in Linksys routers exposes devices’ sensitive information

According to web application security testing specialists, over 25k Linksys Smart WiFi routers are impacted by a vulnerability that, if exploited, would give hackers unauthenticated remote access to a wide range of critical resources on the affected devices.

Experts comment that this incident is similar to a security flaw in the firmware of these devices that emerged in 2014 (tracked as CVE-2014-8244); exploiting that flaw allowed hackers to obtain confidential information and modify data through a JNAP action in a JNAP/HTTP request.

Web application security testing experts reported that the Linksys security team placed this security flaw in the “Not apply/Will not be fixed” category, thereby closing the security incident.

Now, specialists found 25 617 Linksys routers exposing sensitive information such as:

  • Device name
  • MAC address of each device
  • Operating system
  • WAN settings, firewall status, firmware upgrade settings, and DDNS settings
  • Additional metadata (device type, model number and a brief description)

According to the web application security testing specialists, the leaked data can be viewed by opening the login interface of the Linksys Smart WiFi router in any web browser and then clicking on the JNAP requests in the left sidebar. Access to this information does not require any kind of authentication, so even a user with no technical expertise can reach it.
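As an added example (not from the original report or from Linksys), the following Python code shows how a defender could flag unauthenticated JNAP requests that reach a router from outside its LAN, using HTTP sensor logs. The log format, the LAN range 192.168.1.0/24 and the sample records are constructed assumptions; the /JNAP/ path and the X-JNAP-Authorization header are those used by Linksys Smart WiFi firmware.

```python
import ipaddress
import json
from collections import Counter

# Assumption: the router's LAN range. The login page itself issues JNAP
# requests from LAN clients, so only sources outside this range are flagged.
LAN = ipaddress.ip_network("192.168.1.0/24")

# Constructed sample records (one JSON object per line) from a hypothetical
# HTTP sensor in front of the router; "headers" lists request header names.
SAMPLE_LOG = """\
{"src": "192.168.1.23", "method": "POST", "uri": "/JNAP/", "headers": ["X-JNAP-Action", "X-JNAP-Authorization"]}
{"src": "192.168.1.23", "method": "POST", "uri": "/JNAP/", "headers": ["X-JNAP-Action"]}
{"src": "203.0.113.45", "method": "POST", "uri": "/JNAP/", "headers": ["X-JNAP-Action"]}
{"src": "203.0.113.45", "method": "POST", "uri": "/JNAP/", "headers": ["X-JNAP-Action"]}
{"src": "198.51.100.9", "method": "GET", "uri": "/index.html", "headers": ["Accept"]}
{"src": "198.51.100.9", "method": "POST", "uri": "/JNAP/", "headers": ["x-jnap-action", "x-jnap-authorization"]}
this line is truncated {"src":
{"src": "198.51.100.77", "method": "POST", "uri": "/jnap/?x=1", "headers": ["X-JNAP-Action"]}
"""

def unauthenticated_wan_jnap(lines):
    """Count JNAP POSTs per non-LAN source that carry no authorization header."""
    hits = Counter()
    for line in lines:
        try:
            rec = json.loads(line)
            src = ipaddress.ip_address(rec["src"])
        except (ValueError, KeyError, TypeError):
            continue  # blank, malformed or incomplete record
        # Normalise the path: drop the query string, trailing slash and case.
        path = str(rec.get("uri", "")).split("?", 1)[0].rstrip("/").lower()
        if str(rec.get("method", "")).upper() != "POST" or path != "/jnap":
            continue
        headers = {str(h).lower() for h in rec.get("headers", [])}
        if src in LAN or "x-jnap-authorization" in headers:
            continue  # LAN client, or a request that presented credentials
        hits[str(src)] += 1
    return hits

if __name__ == "__main__":
    for src, count in unauthenticated_wan_jnap(SAMPLE_LOG.splitlines()).most_common():
        print(f"{src}: {count} unauthenticated JNAP request(s) from outside the LAN")
```

Any source reported here is a sign that the router's web interface is reachable from the Internet, which is the exposure the report describes.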

Threat actors exploiting the vulnerability can perform malicious activities such as:

  • Get SSID and WiFi password in plain text
  • Change DNS settings to use a malicious DNS server and hijack router traffic
  • Use UPnP to redirect outgoing traffic to hacker-controlled devices
  • Disable the user’s Internet connection or modify some other settings for malicious purposes

However, not all is lost, according to experts from the International Institute of Cyber Security (IICS). According to the reports, almost 15k of the vulnerable devices had automatic firmware updates enabled, so they will be protected if the company decides to correct the vulnerability.