Over 25,000 Linksys Smart Wi-Fi routers vulnerable to sensitive information disclosure flaw May 13, 2019 https://badpackets.net/over-25000-l...ble-to-sensitive-information-disclosure-flaw/
I have now tried three times to inquire about this vulnerability on the Linksys Forums -- My posts were deleted each and every time !! In view of the following from the link in the OP, I guess I should not be surprised. "Upon contacting the Linksys security team (security@linksys.com) we were advised to report the vulnerability via this form. After submitting our findings, the reviewing analyst determined the issue was “Not applicable / Won’t fix” and subsequently closed." https://badpackets.net/over-25000-l...ble-to-sensitive-information-disclosure-flaw/ Outrageous Censorship !! Linksys Coverup ??
Linksys Security Advisory "Bad Packets Report (Date: 5/14/2019) Linksys responded to a vulnerability submission from Bad Packets on May 7th, 2019 regarding a potential sensitive information disclosure flaw: CVE-2014-8244 (which was fixed in 2014). We quickly tested the router models flagged by Bad Packets using the latest publicly available firmware (with default settings) and have not been able to reproduce CVE-2014-8244; meaning that it is not possible for a remote attacker to retrieve sensitive information via this technique. JNAP commands are only accessible to users connected to the router’s local network. We believe that the examples provided by Bad Packets are routers that are either using older versions of firmware or have manually disabled their firewalls. Customers are highly encouraged to update their routers to the latest available firmware and check their router security settings to ensure the firewall is enabled." https://www.linksys.com/us/support-article?articleNum=246427
Bad Packets Twitter site great for info on latest attacks against routers and network devices: https://twitter.com/bad_packets