According to the security expert Troy Mursch there is a vulnerability in more than 30 different Linksys routers that can be used to read the connected devices. As Linksys explains, the vulnerability should no longer exist since 2014. The manufacturer of the routers states that they have not succeeded in reproducing the security gap with current firmware.
As Arstechnica reports, Mursch nevertheless managed to find more than 20,000 routers that can still be read despite the current firmware. The security expert was able to retrieve more than 750,000 Mac addresses from connected devices and determine whether the default password of the affected routers had been changed by the user. In addition, the status of the firewall, the operating system of the connected devices and the WLAN settings can be read out.
On Pastebin.com Mursch has published a list of vulnerable router models. The vulnerability can be easily reproduced even by inexperienced users. To do this, only the IP address of the router is opened in the browser in order to call up the login field. The read data are contained in the JNAP files, which can be viewed without login data via the developer tools of the browser.
Login user interface can be called up online
By default, the login interface of the 33 Linksys routers can also be retrieved from the Internet, as this feature is required for the Linksys app. This cannot be deactivated without further ado.
Of the approximately 20,000 routers, about 4,000 devices were still operated with the standard password. Hackers could easily log on to the devices’ web interface and change settings such as the WLAN password or DNS servers.
The gap was already reported to Linksys on 7 May, who are not providing an update due to the alleged impossibility of reproduction. Instead, the company claims that Mursch must have used firmware that was released before 2014, or that the tests were conducted with the firewall disabled. According to Mursch, however, the vulnerability is still present even with an active firewall and current firmware.
Currently there is no protection against the vulnerability. If Linksys decides to provide an update, most routers will be patched automatically, as most of the 15,000 routers have the autoupdate active.