Our routers contain a lot more data than we would think or assume, and as such, there might be some information on our routers that some might not feel comfortable with sharing due to privacy concerns. Unfortunately, for some Linksys users, they did not really get a say in the matter.
In a report from security researcher Troy Mursch, he has found that over 33 Linksys router models are experiencing a security vulnerability in which their entire device connection histories have been exposed. This includes information such as MAC addresses, device names, OS versions, and so on.
The information also shows whether or not the router’s default passwords have changed, meaning that if they haven’t, someone could in theory access them. It has been estimated that over 20,000 devices have been affected by this vulnerability, in which around 4,000 of them are still using the default passwords that come with the router.
Linksys has since responded to this discovery but claim that they were not able to reproduce the issue. “We quickly tested the router models flagged by Bad Packets using the latest publicly available firmware (with default settings) and have not been able to reproduce CVE-2014-8244; meaning that it is not possible for a remote attacker to retrieve sensitive information via this technique.” They suggest that the devices that are vulnerable are either using an older version of the router’s firmware or might have manually disabled their firewall.
Whether or not this is the case, it’s probably not the worst idea to get the latest firmware updates for your router and to ensure that your firewalls have been enabled.