{"id":1398,"date":"2019-05-15T14:23:48","date_gmt":"2019-05-15T06:23:48","guid":{"rendered":"https:\/\/tongwing.woon.sg\/blog\/?p=1398"},"modified":"2019-05-15T14:28:38","modified_gmt":"2019-05-15T06:28:38","slug":"vulnerability-in-linksys-and-cisco-routers","status":"publish","type":"post","link":"https:\/\/tongwing.woon.sg\/blog\/vulnerability-in-linksys-and-cisco-routers\/","title":{"rendered":"Vulnerability in Linksys and Cisco routers"},"content":{"rendered":"\n<p>This is a not a good week for network equipment manufacturers.<\/p>\n\n\n\n<p>First, it was discovered that over <a href=\"https:\/\/badpackets.net\/over-25000-linksys-smart-wi-fi-routers-vulnerable-to-sensitive-information-disclosure-flaw\/\">25000 Linksys Smart Wifi routers are vulnerable<\/a> for sensitive information disclosure flaws. <\/p>\n\n\n\n<blockquote class=\"wp-block-quote\"><p>Using data provided by <a href=\"https:\/\/app.binaryedge.io\/services\/query\">BinaryEdge<\/a>,  our scans have found 25,617 Linksys Smart Wi-Fi routers are currently  leaking sensitive information to the public internet, including:<\/p>\n<p><ul><li>MAC address of every device that\u2019s ever connected to it (full historical record, not just active devices)<\/li><li>Device name (such as \u201cTROY-PC\u201d or \u201cMat\u2019s MacBook Pro\u201d)<\/li><li>Operating system (such as \u201cWindows 7\u201d or \u201cAndroid\u201d)<\/li><\/ul><\/p>\n<p>In some cases additional metadata is logged such as device type,  manufacturer, model number, and description \u2013 as seen in the example  below.<\/p>\n<\/blockquote>\n\n\n\n<p>The picture is worst for even Cisco, which embedded a <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2019-1804\">default SSH keypair in all of its 9000 series devices<\/a>. Basically this means that anyone (who knows the IPv6 address and keypair) can SSH into a vulnerable device and take over it completely. It is so serious that some have described it as a <a href=\"https:\/\/news.ycombinator.com\/item?id=19914658\">backdoor<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>This is a not a good week for network equipment manufacturers. First, it was discovered that over 25000 Linksys Smart Wifi routers are vulnerable for sensitive information disclosure flaws. Using data provided by BinaryEdge, our scans have found 25,617 Linksys Smart Wi-Fi routers are currently leaking sensitive information to the public internet, including: MAC address [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[29,16,10],"tags":[],"_links":{"self":[{"href":"https:\/\/tongwing.woon.sg\/blog\/wp-json\/wp\/v2\/posts\/1398"}],"collection":[{"href":"https:\/\/tongwing.woon.sg\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/tongwing.woon.sg\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/tongwing.woon.sg\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/tongwing.woon.sg\/blog\/wp-json\/wp\/v2\/comments?post=1398"}],"version-history":[{"count":4,"href":"https:\/\/tongwing.woon.sg\/blog\/wp-json\/wp\/v2\/posts\/1398\/revisions"}],"predecessor-version":[{"id":1402,"href":"https:\/\/tongwing.woon.sg\/blog\/wp-json\/wp\/v2\/posts\/1398\/revisions\/1402"}],"wp:attachment":[{"href":"https:\/\/tongwing.woon.sg\/blog\/wp-json\/wp\/v2\/media?parent=1398"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/tongwing.woon.sg\/blog\/wp-json\/wp\/v2\/categories?post=1398"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/tongwing.woon.sg\/blog\/wp-json\/wp\/v2\/tags?post=1398"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}