20,000 Linksys routers leak historic record of every device ever connected
4 replies, posted
https://arstechnica.com/information-technology/2019/05/33-linksys-router-models-leak-full-historic-record-of-every-device-ever-connected/
Mursch said he disclosed the information leakage publicly after he privately reported it to Linksys officials and they closed the issue after determining it “Not applicable / Won’t fix.” Ars emailed press representatives of Belkin, the company that acquired Linksys in 2013, seeking comment earlier this week and never received a response.
Vulnerable devices.
https://files.facepunch.com/forum/upload/113148/3a24c49b-a8ce-4a54-9876-3b738c49805e/image.png
How much you want to bet they’re going to look into the issue now since it has media attention?
When doesn't a company look into an issue when shit hits the fan?
It's more pointing out how they didn't have any concern at all until it blew up. They marked it "won't fix".
Funny how exposing something publicly changes things from "won't fix" to "high/critical priority". Responsible disclosure has to come with the kudgel of public exposure or else companies would sweep everything under the rug.
neat
https://files.facepunch.com/forum/upload/240249/60898507-dc0e-4200-9bb6-892a6aa156d6/1-loginpage.png
https://files.facepunch.com/forum/upload/240249/b603406b-407c-40bd-a368-c769ce4bd4c8/2-devices.png
https://files.facepunch.com/forum/upload/240249/886e2ad1-c108-4c3b-ad70-90315f656414/3-model.png
https://files.facepunch.com/forum/upload/240249/9dfbf3cd-0b4f-4242-bf72-44d131f8cfff/4-noupdates.png
not seeing any options for remote administration, i seem to remember one existing before but being disabled by default, so it's LAN-only but still shit
Sorry, you need to Log In to post a reply to this thread.