U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Dozens of Linksys router models leak data useful for hackers

Dozens of Linksys router models are affected by a flaw that causes the leak of data that can be used by attackers …. and the company won’t fix it. Security researcher Troy Mursch, Chief Research Officer of Bad Packets, discovered that over 20,000 Linksys wireless routers are leaking full historical records of every device ever connected to them. […]

Linksys flaw

Dozens of Linksys router models are affected by a flaw that causes the leak of data that can be used by attackers …. and the company won’t fix it.

Security researcher Troy Mursch, Chief Research Officer of Bad Packets, discovered that over 20,000 Linksys wireless routers are leaking full historical records of every device ever connected to them.

The leaked information includes devices’ unique identifiers, names, and operating systems, clearly, these data could be abused by hackers for attacks.

According to Mursch, the root cause of the data leak is a persistent vulnerability that resides in dozens of models of Linksys routers. Unfortunately, the flaw is very easy to exploit, and it is possible.

The devices continue to leak the information even when their firewall is turned on.

The expert used the Binary Edge IoT search engine to find vulnerable devices, earlier this week he discovered 25,617 routers that were leaking a total of 756,565 unique MAC addresses.

The disclosure of the historical records of devices that have connected to a specific router exposes the users to attacks, the knowledge of MAC addresses could be abuse by APT groups in targeted attacks, like the recent supply chain attack against ASUS.

The situation could be worse if owners of the routers were using default admin credentials. The issue discovered by the expert, in fact, could be used by attackers to discover if the vulnerable routers are still using default administrative passwords.

Mursch discovered that about 4,000 of the vulnerable devices were still using the default admin credentials. The vulnerable routers have remote access enabled by default, a gift for hackers that can perform a broad range of malicious activities, such as change DNS settings and deliver malware.

Mursch reported the flaw to Linksys, but unfortunately, the company closed the issue as “Not applicable / Won’t fix.”

Mursch published the list of vulnerable devices released on Pastebin.

Linksys flaw

If you are using one of the vulnerable devices you would replace it.

If you manage a MongoDB instance follow the guidelines on “how to secure a MongoDB database” 

If you appreciate my effort in spreading cybersecurity awareness, please vote for Security Affairs in the section “Your Vote for the Best EU Security Tweeter”

Thank you

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – LinkSys, Data leak)

[adrotate banner=”5″]

[adrotate banner=”13″]