More than 20,000 Linksys routers hit by serious security exploit

It appears that over 21,000 Linksys routers have been leaking sensitive data about what devices have connected to them – including MAC addresses, device names and what operating system they use.

Perhaps most worryingly, information about whether or not the default admin passwords have been changed on the router has also been made accessible. This could allow malicious users to easily gain access to these routers.

Is your router a cybersecurity risk?
We've chosen the best internet security suites
How to protect your devices against ZombieLoad

The leak was spotted by Troy Mursch last week, and it affects a large number of Linksys router models, including the Linksys AC3200 Tri-Band Smart Wi-Fi Router, the Linksys MAX-STREAM series and the Velop range of Mesh Wi-Fi routers.

Mursch has published the full list of affected routers, so if you own a Linksys router, make sure you check to see if your model is listed.

How bad is this?

Pretty bad. You don’t want your router making any details about the devices you use public, but the fact that this leak offers up such detailed device connection histories is very troubling.

The MAC address of each device essentially works as a unique ‘fingerprint’ for identifying it when it connects to a Wi-Fi network. Knowing the MAC address of a device such as a smartphone would allow people to track the device as it connected to different networks.

Meanwhile, leaking the device name could give attackers personal information that could help identify you – for example, if the device name contains your name.

There have been examples in the past of malicious users – such as the Shadowhammer group – using leaked MAC addresses to attack over a million Asus laptops earlier this year.

And, of course, by letting people know if the router still uses the default admin password is a huge security risk. If you haven’t changed the default admin password yet – make sure you do, no matter what make of router you use.

What should I do?

If you own a Linksys router, the first thing you should do is check the list above to see if your model is affected. Most Linksys routers have automatic updates installed, so when Linksys releases a fix, the routers should automatically apply the patch.

Still, it’s worth logging on to your router and making sure automatic updates are enabled. While you’re there, make sure you change the default admin password if you haven’t already.

Linksys actually released a patch for this problem back in 2014, so you can check to see if you have it installed, but it looks like many routers remain vulnerable.

According to Arstechnica, Linksys has said that its researchers couldn’t reproduce the exploit on routers that have that 2014 patch installed.

If you’re still concerned, then we recommend replacing the router (check out our list of the best wireless routers for guidance), or installing third-party firmware like OpenWrt.