home.social

#linksys — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #linksys, aggregated by home.social.

  1. @antdude @rstevens I have one of those wrt54gl's mounted on my ice cream truck power-wheels car for development telemetry!

    #ppprs #gokart #wifi #linksys

  2. @web_martin @fds2610 Es gibt keinen offiziellen Weg von #Amazon. Jetzt hat jemand einen #Exploit entwickelt, der den Bootloader entsperrt und den Weg für CustomROMs freimacht.
    #LineageOS bietet sich an, da es #OpenSource ist und für den Betrieb auf unterschiedlichster Hardware vorbereitet ist.

    So ähnlich läuft es schon seit Jahrzehnten. #DBox2, #Linksys #WRT54G, Windows Mobile PDAs,... bei allen wurde die #Firmware reversed und dann wurden Alternativen entwickelt.
    Teilweise sind aus diesen Entwicklungen neue Produkte, Firmen oder Communities entstanden.

    DBox2->#Dreambox->div. #Linux Receiver

    Linksys WRT54G->#OpenWRT/#DD-WRT->z.B. Gli.NET

    Ob man diesen anfänglichen Versuchen vertraut, bleibt natürlich jedem selbst überlassen. Ich find's jedenfalls super. Endlich geht sowas mal wieder 😀

  3. @web_martin @fds2610 Es gibt keinen offiziellen Weg von #Amazon. Jetzt hat jemand einen #Exploit entwickelt, der den Bootloader entsperrt und den Weg für CustomROMs freimacht.
    #LineageOS bietet sich an, da es #OpenSource ist und für den Betrieb auf unterschiedlichster Hardware vorbereitet ist.

    So ähnlich läuft es schon seit Jahrzehnten. #DBox2, #Linksys #WRT54G, Windows Mobile PDAs,... bei allen wurde die #Firmware reversed und dann wurden Alternativen entwickelt.
    Teilweise sind aus diesen Entwicklungen neue Produkte, Firmen oder Communities entstanden.

    DBox2->#Dreambox->div. #Linux Receiver

    Linksys WRT54G->#OpenWRT/#DD-WRT->z.B. Gli.NET

    Ob man diesen anfänglichen Versuchen vertraut, bleibt natürlich jedem selbst überlassen. Ich find's jedenfalls super. Endlich geht sowas mal wieder 😀

  4. @web_martin @fds2610 Es gibt keinen offiziellen Weg von #Amazon. Jetzt hat jemand einen #Exploit entwickelt, der den Bootloader entsperrt und den Weg für CustomROMs freimacht.
    #LineageOS bietet sich an, da es #OpenSource ist und für den Betrieb auf unterschiedlichster Hardware vorbereitet ist.

    So ähnlich läuft es schon seit Jahrzehnten. #DBox2, #Linksys #WRT54G, Windows Mobile PDAs,... bei allen wurde die #Firmware reversed und dann wurden Alternativen entwickelt.
    Teilweise sind aus diesen Entwicklungen neue Produkte, Firmen oder Communities entstanden.

    DBox2->#Dreambox->div. #Linux Receiver

    Linksys WRT54G->#OpenWRT/#DD-WRT->z.B. Gli.NET

    Ob man diesen anfänglichen Versuchen vertraut, bleibt natürlich jedem selbst überlassen. Ich find's jedenfalls super. Endlich geht sowas mal wieder 😀

  5. @web_martin @fds2610 Es gibt keinen offiziellen Weg von #Amazon. Jetzt hat jemand einen #Exploit entwickelt, der den Bootloader entsperrt und den Weg für CustomROMs freimacht.
    #LineageOS bietet sich an, da es #OpenSource ist und für den Betrieb auf unterschiedlichster Hardware vorbereitet ist.

    So ähnlich läuft es schon seit Jahrzehnten. #DBox2, #Linksys #WRT54G, Windows Mobile PDAs,... bei allen wurde die #Firmware reversed und dann wurden Alternativen entwickelt.
    Teilweise sind aus diesen Entwicklungen neue Produkte, Firmen oder Communities entstanden.

    DBox2->#Dreambox->div. #Linux Receiver

    Linksys WRT54G->#OpenWRT/#DD-WRT->z.B. Gli.NET

    Ob man diesen anfänglichen Versuchen vertraut, bleibt natürlich jedem selbst überlassen. Ich find's jedenfalls super. Endlich geht sowas mal wieder 😀

  6. It would be interesting to hear the original justification for adding the following to the #Linksys MX4200 iptables:

    -A INPUT -i eth0 -j wan2self
    -A wan2self -j wan2self_ports
    -A wan2self_ports -p tcp -m tcp --sport 5222 -j xlog_accept_wan2self
    -A xlog_accept_wan2self -j ACCEPT

    It's not often you see something that is so difficult to argue to be something else than a deliberate #backdoor. seclists.org/fulldisclosure/20

  7. Plethore of critical #Linksys MX4200 Wi-Fi router vulnerabilities (that were originally reported to Linksys nearly a year ago!) are still unfixed:

    - [SYSS-2025-001] Linksys MX9600/MX4200 - Path Traversal seclists.org/fulldisclosure/20
    - [SYSS-2025-002] Linksys MX9600/MX4200 - Missing Authentication for Critical Function seclists.org/fulldisclosure/20
    - [SYSS-2025-009] Linksys MX9600/MX4200 - SQL Injection seclists.org/fulldisclosure/20
    - [SYSS-2025-010] Linksys MX9600/MX4200 - OS Command Injection seclists.org/fulldisclosure/20
    - [SYSS-2025-011] Linksys MX9600/MX4200 - OS Command Injection seclists.org/fulldisclosure/20
    - [SYSS-2025-014] Linksys MX4200 - Improper Verification of Source of a Communication Channel
    seclists.org/fulldisclosure/20

    On first read it might appear that many of these vulnerabilities would only be exploitable by accessing the device non-WAN interface(s) from inside the local network. However, due to the SYSS-2025-014 vulnerability the normally "LAN only RCE" vulnerabilities (SYSS-2025-010 and -011) and SQL injection (SYSS-2025-009) can be performed from the WAN interface (read: the internet). The attacker merely needs to make the connection originate from port 5222 (which is trivial to arrange via local bind before connect).

    Update: Users of Linksys MX4200 should upgrade to firmware version 2.0.7.216620 or later. While not all of the security issues are fixed, it at least should stop the attacks via the WAN interface (SYSS-2025-014). support.linksys.com/kb/article

    #linksys #fulldisclosure #vulnerability #infosec #cybersecurity

  8. Plethore of critical #Linksys MX4200 Wi-Fi router vulnerabilities (that were originally reported to Linksys nearly a year ago!) are still unfixed:

    - [SYSS-2025-001] Linksys MX9600/MX4200 - Path Traversal seclists.org/fulldisclosure/20
    - [SYSS-2025-002] Linksys MX9600/MX4200 - Missing Authentication for Critical Function seclists.org/fulldisclosure/20
    - [SYSS-2025-009] Linksys MX9600/MX4200 - SQL Injection seclists.org/fulldisclosure/20
    - [SYSS-2025-010] Linksys MX9600/MX4200 - OS Command Injection seclists.org/fulldisclosure/20
    - [SYSS-2025-011] Linksys MX9600/MX4200 - OS Command Injection seclists.org/fulldisclosure/20
    - [SYSS-2025-014] Linksys MX4200 - Improper Verification of Source of a Communication Channel
    seclists.org/fulldisclosure/20

    On first read it might appear that many of these vulnerabilities would only be exploitable by accessing the device non-WAN interface(s) from inside the local network. However, due to the SYSS-2025-014 vulnerability the normally "LAN only RCE" vulnerabilities (SYSS-2025-010 and -011) and SQL injection (SYSS-2025-009) can be performed from the WAN interface (read: the internet). The attacker merely needs to make the connection originate from port 5222 (which is trivial to arrange via local bind before connect).

    Update: Users of Linksys MX4200 should upgrade to firmware version 2.0.7.216620 or later. While not all of the security issues are fixed, it at least should stop the attacks via the WAN interface (SYSS-2025-014). support.linksys.com/kb/article

    #linksys #fulldisclosure #vulnerability #infosec #cybersecurity

  9. Plethore of critical #Linksys MX4200 Wi-Fi router vulnerabilities (that were originally reported to Linksys nearly a year ago!) are still unfixed:

    - [SYSS-2025-001] Linksys MX9600/MX4200 - Path Traversal seclists.org/fulldisclosure/20
    - [SYSS-2025-002] Linksys MX9600/MX4200 - Missing Authentication for Critical Function seclists.org/fulldisclosure/20
    - [SYSS-2025-009] Linksys MX9600/MX4200 - SQL Injection seclists.org/fulldisclosure/20
    - [SYSS-2025-010] Linksys MX9600/MX4200 - OS Command Injection seclists.org/fulldisclosure/20
    - [SYSS-2025-011] Linksys MX9600/MX4200 - OS Command Injection seclists.org/fulldisclosure/20
    - [SYSS-2025-014] Linksys MX4200 - Improper Verification of Source of a Communication Channel
    seclists.org/fulldisclosure/20

    On first read it might appear that many of these vulnerabilities would only be exploitable by accessing the device non-WAN interface(s) from inside the local network. However, due to the SYSS-2025-014 vulnerability the normally "LAN only RCE" vulnerabilities (SYSS-2025-010 and -011) and SQL injection (SYSS-2025-009) can be performed from the WAN interface (read: the internet). The attacker merely needs to make the connection originate from port 5222 (which is trivial to arrange via local bind before connect).

    Update: Users of Linksys MX4200 should upgrade to firmware version 2.0.7.216620 or later. While not all of the security issues are fixed, it at least should stop the attacks via the WAN interface (SYSS-2025-014). support.linksys.com/kb/article

    #linksys #fulldisclosure #vulnerability #infosec #cybersecurity

  10. Plethore of critical #Linksys MX4200 Wi-Fi router vulnerabilities (that were originally reported to Linksys nearly a year ago!) are still unfixed:

    - [SYSS-2025-001] Linksys MX9600/MX4200 - Path Traversal seclists.org/fulldisclosure/20
    - [SYSS-2025-002] Linksys MX9600/MX4200 - Missing Authentication for Critical Function seclists.org/fulldisclosure/20
    - [SYSS-2025-009] Linksys MX9600/MX4200 - SQL Injection seclists.org/fulldisclosure/20
    - [SYSS-2025-010] Linksys MX9600/MX4200 - OS Command Injection seclists.org/fulldisclosure/20
    - [SYSS-2025-011] Linksys MX9600/MX4200 - OS Command Injection seclists.org/fulldisclosure/20
    - [SYSS-2025-014] Linksys MX4200 - Improper Verification of Source of a Communication Channel
    seclists.org/fulldisclosure/20

    On first read it might appear that many of these vulnerabilities would only be exploitable by accessing the device non-WAN interface(s) from inside the local network. However, due to the SYSS-2025-014 vulnerability the normally "LAN only RCE" vulnerabilities (SYSS-2025-010 and -011) and SQL injection (SYSS-2025-009) can be performed from the WAN interface (read: the internet). The attacker merely needs to make the connection originate from port 5222 (which is trivial to arrange via local bind before connect).

    Update: Users of Linksys MX4200 should upgrade to firmware version 2.0.7.216620 or later. While not all of the security issues are fixed, it at least should stop the attacks via the WAN interface (SYSS-2025-014). support.linksys.com/kb/article

    #linksys #fulldisclosure #vulnerability #infosec #cybersecurity

  11. Plethore of critical #Linksys MX4200 Wi-Fi router vulnerabilities (that were originally reported to Linksys nearly a year ago!) are still unfixed:

    - [SYSS-2025-001] Linksys MX9600/MX4200 - Path Traversal seclists.org/fulldisclosure/20
    - [SYSS-2025-002] Linksys MX9600/MX4200 - Missing Authentication for Critical Function seclists.org/fulldisclosure/20
    - [SYSS-2025-009] Linksys MX9600/MX4200 - SQL Injection seclists.org/fulldisclosure/20
    - [SYSS-2025-010] Linksys MX9600/MX4200 - OS Command Injection seclists.org/fulldisclosure/20
    - [SYSS-2025-011] Linksys MX9600/MX4200 - OS Command Injection seclists.org/fulldisclosure/20
    - [SYSS-2025-014] Linksys MX4200 - Improper Verification of Source of a Communication Channel
    seclists.org/fulldisclosure/20

    On first read it might appear that many of these vulnerabilities would only be exploitable by accessing the device non-WAN interface(s) from inside the local network. However, due to the SYSS-2025-014 vulnerability the normally "LAN only RCE" vulnerabilities (SYSS-2025-010 and -011) and SQL injection (SYSS-2025-009) can be performed from the WAN interface (read: the internet). The attacker merely needs to make the connection originate from port 5222 (which is trivial to arrange via local bind before connect).

    Update: Users of Linksys MX4200 should upgrade to firmware version 2.0.7.216620 or later. While not all of the security issues are fixed, it at least should stop the attacks via the WAN interface (SYSS-2025-014). support.linksys.com/kb/article

    #linksys #fulldisclosure #vulnerability #infosec #cybersecurity

  12. Had half day off today.
    Thought I'd "simply" set up some #vlan: one main, one #IoT, and one for my #poe ip cameras.
    It took some work to set it up on my #GL.iNET #Flint3 #router, my
    #Linksys #LGS528P was simple to setup
    But after some tweaking (8 hours later) it seems all is now going well.
    Even @homeassistant works in the new setup

  13. @dashdsrdash @kim @FLOX_advocate It is usually not regular computers or servers that are a problem. It is all the embedded devices that are the issue. I have an old crappy 8 port #dlink smartswitch, a #vonage #linksys VOIP device, an #epson eco-tank printer, and a #roku premiere from them that is holding me back from moving #ipv6 .

  14. So here is my new #OPNsense Router.
    My old router is a #Linksys WRT3200ACM running #DDWRT & it's blue, so I called it #Tachikoma from #GhostInTheShell.
    So went with the same theme here.
    I am really happy with it😁.
    I'm still getting for feel for OPNsense & where everything is
    I've been playing with Suricata & I got Zenarmor installed.

    For more info about my network setup & more Pic's
    Click The Link: pcpartpicker.com/b/sK3ypg

    #Intel #OPNsense #Firewall #Router #Suricata #Zenarmor #FreeBSD #InFoSec

  15. So here is my new #OPNsense Router.
    My old router is a #Linksys WRT3200ACM running #DDWRT & it's blue, so I called it #Tachikoma from #GhostInTheShell.
    So went with the same theme here.
    I am really happy with it😁.
    I'm still getting for feel for OPNsense & where everything is
    I've been playing with Suricata & I got Zenarmor installed.

    For more info about my network setup & more Pic's
    Click The Link: pcpartpicker.com/b/sK3ypg

    #Intel #OPNsense #Firewall #Router #Suricata #Zenarmor #FreeBSD #InFoSec

  16. So here is my new #OPNsense Router.
    My old router is a #Linksys WRT3200ACM running #DDWRT & it's blue, so I called it #Tachikoma from #GhostInTheShell.
    So went with the same theme here.
    I am really happy with it😁.
    I'm still getting for feel for OPNsense & where everything is
    I've been playing with Suricata & I got Zenarmor installed.

    For more info about my network setup & more Pic's
    Click The Link: pcpartpicker.com/b/sK3ypg

    #Intel #OPNsense #Firewall #Router #Suricata #Zenarmor #FreeBSD #InFoSec

  17. So here is my new #OPNsense Router.
    My old router is a #Linksys WRT3200ACM running #DDWRT & it's blue, so I called it #Tachikoma from #GhostInTheShell.
    So went with the same theme here.
    I am really happy with it😁.
    I'm still getting for feel for OPNsense & where everything is
    I've been playing with Suricata & I got Zenarmor installed.

    For more info about my network setup & more Pic's
    Click The Link: pcpartpicker.com/b/sK3ypg

    #Intel #OPNsense #Firewall #Router #Suricata #Zenarmor #FreeBSD #InFoSec

  18. So here is my new #OPNsense Router.
    My old router is a #Linksys WRT3200ACM running #DDWRT & it's blue, so I called it #Tachikoma from #GhostInTheShell.
    So went with the same theme here.
    I am really happy with it😁.
    I'm still getting for feel for OPNsense & where everything is
    I've been playing with Suricata & I got Zenarmor installed.

    For more info about my network setup & more Pic's
    Click The Link: pcpartpicker.com/b/sK3ypg

    #Intel #OPNsense #Firewall #Router #Suricata #Zenarmor #FreeBSD #InFoSec

  19. Fortinet 傘下となった #Linksys#OpenWrt を採用したルータで日本再参入とのこと。信頼性に重点を置いたハードウェアで OpenWrt を採用しているモデルは特に国内では珍しいので興味深い。OpenWrt は Linksys 製ルータの代替ファームウェアとして開発が始まったことを考えると感慨深い,かも。

    internet.watch.impress.co.jp/d
    akiba-pc.watch.impress.co.jp/d

  20. An OS command injection vulnerability exists in various models of E-Series Linksys routers via the /tmUnblock.cgi and /hndUnblock.cgi endpoints over HTTP on port 8080. The CGI scripts improperly process user-supplied input passed to the ttcp_ip parameter without sanitization, allowing unauthenticated attackers to inject shell commands. This vulnerability is exploited in the wild by the "TheMoon" worm.

    #vulnerability #cybersecurity #cve #linksys

    🔗 vulnerability.circl.lu/vuln/cv

  21. Warum das #FBI aktuell vor unsicheren #Routern warnt - und wo die Hersteller unbedingt noch nachbessern müssen: Verschiedene Router-Modelle von #Linksys sind mit Schwachstellen behaftet und sollten deshalb nicht mehr verwendet werden.

    Nach wie vor werden im Netzwerk die WLAN-Router nicht regelmäßig auf ihre #Cybersecurity hin überprüft - oder sind abgekündigte und daher ungepatchte Auslaufmodelle, was dabei hilft, diese zu kompromittieren und in Botnetze zu integrieren:

    ic3.gov/CSA/2025/250507.pdf

  22. New Threat Update from GreyNoise — Significant spike in exploitation attempts targeting Linksys E-Series routers, likely Mirai. Full analysis ⬇️
    greynoise.io/blog/heightened-i

    #Cybersecurity #ThreatIntel #GreyNoise #Mirai #Linksys

  23. Linksys Velop routers send Wi-Fi passwords in plaintext to US servers

    Link
    📌 Summary:
    根據Testaankoop發現,兩款Linksys Velop Pro 6E和7款無線網路路由器將Wi-Fi登入詳細資料以明碼傳送至Amazon (AWS)伺服器,威脅使用者安全。該組織在11月時已向Linksys提出警告,但迄今未獲得有效措施。Testaankoop建議已購買受影響路由器的使用者透過網頁介面而非應用程式更改網路名稱和密碼。此外,該組織也建議消費者不要購買Linksys Velop Pro WiFi 6E和7款,因為存在嚴重的網路入侵和資料損失風險。這將影響個人和企業環境。

    🎯 Key Points:
    1. Linksys Velop Pro 6E和7款無線網路路由器將Wi-Fi登入詳細資料以明碼傳送至AWS伺服器。
    2. Testaankoop在11月向Linksys提出警告,但未獲得有效措施。
    3. Testaankoop建議已購買受影響路由器的使用者透過網頁介面而非應用程式更改網路名稱和密碼。
    4. 該組織也建議消費者不要購買Linksys Velop Pro WiFi 6E和7款。
    5. 這將影響個人和企業環境。

    🔖 Keywords:
    #Linksys
    #Velop
    #Pro 6E
    #Pro 7
    #AWS
    #Security
    #Data Breach
    #Privacy

  24. Linksys Velop routers send Wi-Fi passwords in plaintext to US servers

    Link
    📌 Summary:
    根據Testaankoop發現,兩款Linksys Velop Pro 6E和7款無線網路路由器將Wi-Fi登入詳細資料以明碼傳送至Amazon (AWS)伺服器,威脅使用者安全。該組織在11月時已向Linksys提出警告,但迄今未獲得有效措施。Testaankoop建議已購買受影響路由器的使用者透過網頁介面而非應用程式更改網路名稱和密碼。此外,該組織也建議消費者不要購買Linksys Velop Pro WiFi 6E和7款,因為存在嚴重的網路入侵和資料損失風險。這將影響個人和企業環境。

    🎯 Key Points:
    1. Linksys Velop Pro 6E和7款無線網路路由器將Wi-Fi登入詳細資料以明碼傳送至AWS伺服器。
    2. Testaankoop在11月向Linksys提出警告,但未獲得有效措施。
    3. Testaankoop建議已購買受影響路由器的使用者透過網頁介面而非應用程式更改網路名稱和密碼。
    4. 該組織也建議消費者不要購買Linksys Velop Pro WiFi 6E和7款。
    5. 這將影響個人和企業環境。

    🔖 Keywords:
    #Linksys
    #Velop
    #Pro 6E
    #Pro 7
    #AWS
    #Security
    #Data Breach
    #Privacy

  25. Linksys Velop routers send Wi-Fi passwords in plaintext to US servers

    Link
    📌 Summary:
    根據Testaankoop發現,兩款Linksys Velop Pro 6E和7款無線網路路由器將Wi-Fi登入詳細資料以明碼傳送至Amazon (AWS)伺服器,威脅使用者安全。該組織在11月時已向Linksys提出警告,但迄今未獲得有效措施。Testaankoop建議已購買受影響路由器的使用者透過網頁介面而非應用程式更改網路名稱和密碼。此外,該組織也建議消費者不要購買Linksys Velop Pro WiFi 6E和7款,因為存在嚴重的網路入侵和資料損失風險。這將影響個人和企業環境。

    🎯 Key Points:
    1. Linksys Velop Pro 6E和7款無線網路路由器將Wi-Fi登入詳細資料以明碼傳送至AWS伺服器。
    2. Testaankoop在11月向Linksys提出警告,但未獲得有效措施。
    3. Testaankoop建議已購買受影響路由器的使用者透過網頁介面而非應用程式更改網路名稱和密碼。
    4. 該組織也建議消費者不要購買Linksys Velop Pro WiFi 6E和7款。
    5. 這將影響個人和企業環境。

    🔖 Keywords:
    #Linksys
    #Velop
    #Pro 6E
    #Pro 7
    #AWS
    #Security
    #Data Breach
    #Privacy

  26. Linksys Velop routers send Wi-Fi passwords in plaintext to US servers

    Link
    📌 Summary:
    根據Testaankoop發現,兩款Linksys Velop Pro 6E和7款無線網路路由器將Wi-Fi登入詳細資料以明碼傳送至Amazon (AWS)伺服器,威脅使用者安全。該組織在11月時已向Linksys提出警告,但迄今未獲得有效措施。Testaankoop建議已購買受影響路由器的使用者透過網頁介面而非應用程式更改網路名稱和密碼。此外,該組織也建議消費者不要購買Linksys Velop Pro WiFi 6E和7款,因為存在嚴重的網路入侵和資料損失風險。這將影響個人和企業環境。

    🎯 Key Points:
    1. Linksys Velop Pro 6E和7款無線網路路由器將Wi-Fi登入詳細資料以明碼傳送至AWS伺服器。
    2. Testaankoop在11月向Linksys提出警告,但未獲得有效措施。
    3. Testaankoop建議已購買受影響路由器的使用者透過網頁介面而非應用程式更改網路名稱和密碼。
    4. 該組織也建議消費者不要購買Linksys Velop Pro WiFi 6E和7款。
    5. 這將影響個人和企業環境。

    🔖 Keywords:
    #Linksys
    #Velop
    #Pro 6E
    #Pro 7
    #AWS
    #Security
    #Data Breach
    #Privacy

  27. Linksys Velop routers send Wi-Fi passwords in plaintext to US servers

    Link
    📌 Summary:

    Testaankoop, the Belgian equivalent of the Consumers' Association, discovered that two Linksys routers, the Velop Pro 6E and Velop Pro 7 mesh routers, are sending Wi-Fi login details in plaintext to Amazon (AWS) servers in the US. This security breach allows attackers to intercept the communication between the routers and the Amazon server, potentially capturing the Wi-Fi network name (SSID) and password as they are transmitted in plaintext. Despite being warned in November, Linksys has not taken effective measures to address this issue. The recommended solution is to change the Wi-Fi network name and password via the web interface instead of the app. Mesh routers like the Velop series are designed to improve Wi-Fi distribution in large or multi-story homes but can be vulnerable to this type of security breach. Testaankoop suspects the issue may be related to third-party software used in the Linksys firmware, but it does not excuse the vulnerability. The researchers strongly advise against buying these routers due to the serious risk of network intrusion and data loss. Snowflake is now mandating Multi-Factor Authentication (MFA) across all user accounts to mitigate security risks.

    🎯 Key Points:

    - Testaankoop discovered a security breach in two Linksys routers, the Velop Pro 6E and Velop Pro 7, which are sending Wi-Fi login details in plaintext to Amazon (AWS) servers in the US.
    - Attackers can intercept the communication between the routers and the Amazon server, potentially capturing the Wi-Fi network name (SSID) and password as they are transmitted in plaintext.
    - Despite being warned in November, Linksys has not taken effective measures to address this issue.
    - The recommended solution is to change the Wi-Fi network name and password via the web interface instead of the app.
    - Mesh routers like the Velop series are designed to improve Wi-Fi distribution in large or multi-story homes but can be vulnerable to this type of security breach.
    - Testaankoop suspects the issue may be related to third-party software used in the Linksys firmware, but it does not excuse the vulnerability.
    - The researchers strongly advise against buying these routers due to the serious risk of network intrusion and data loss.

    🔖 Keywords:

    #Linksys #Velop #mesh #router #security #plaintext #AWS #man-in-the-middle #cybersecurity #third-party #firmware #WiFi #SSID #password #plaintext #web #app #data #breach #nodes #large homes #multi-story homes #Patagonia #AI privacy #Snowflake #MFA #Google

  28. Linksys Velop routers send Wi-Fi passwords in plaintext to US servers

    Link
    📌 Summary:

    根據Testaankoop的調查,發現兩款Linksys路由器正在以明文的方式將Wi-Fi登入資訊傳送到位於美國的亞馬遜(AWS)伺服器,包括Linksys Velop Pro 6E和Velop Pro 7這兩款mesh路由器。這個漏洞讓攻擊者能夠攔截傳輸過程中的Wi-Fi網路名稱(SSID)和密碼,從而進行竊聽和惡意攻擊。儘管Testaankoop多次向Linksys提出警告,但該公司並未採取有效措施,直到Testaankoop再次聯絡後才進行了更新,但仍未解決問題。這個問題可能源於Linksys固件中使用的第三方軟體,但無論如何,這種漏洞仍然存在,即使是最新的Linksys 7 Pro,都無法避免。研究人員建議消費者不要購買這些路由器,因為存在嚴重的網路入侵和資料損失的風險。

    🎯 Key Points:

    Testaankoop發現兩款Linksys路由器在明文中將Wi-Fi登入資訊傳送到AWS伺服器,包括Linksys Velop Pro 6E和Velop Pro 7。
    這個漏洞讓攻擊者能夠攔截SSID和密碼,進行竊聽和惡意攻擊。
    Testaankoop多次向Linksys提出警告,但該公司未採取有效措施。
    更新後的固件仍無法解決問題。
    這個問題可能源於Linksys固件中使用的第三方軟體,但無論如何,這種漏洞仍然存在。
    研究人員建議不要購買這些路由器,並建議用戶更改Wi-Fi網路名稱和密碼。

    #Linksys #router #meshnetworking #dataprotection #cybersecurity #vulnerability #AWS #thirdpartysoftware #SSID #password #cleartext #plaintext #man-in-the-middle #attack #firmware #security #wiring #hacking #officeenvironments #Patagonia #AI #privacyviolation #classactionlawsuit #Snowflake #MFA #databreaches

    🔖 Keywords:

    #Linksys #router #meshnetworking #dataprotection #cybersecurity #vulnerability #AWS #thirdpartysoftware #SSID #password #cleartext #plaintext #man-in-the-middle #attack #firmware #security #wiring #hacking #officeenvironments #Patagonia #AI #privacyviolation #classactionlawsuit #Snowflake #MFA #databreaches

  29. Linksys Velop routers send Wi-Fi passwords in plaintext to US servers

    Link
    📌 Summary:

    根據Testaankoop的調查,發現兩款Linksys路由器正在以明文的方式將Wi-Fi登入資訊傳送到位於美國的亞馬遜(AWS)伺服器,包括Linksys Velop Pro 6E和Velop Pro 7這兩款mesh路由器。這個漏洞讓攻擊者能夠攔截傳輸過程中的Wi-Fi網路名稱(SSID)和密碼,從而進行竊聽和惡意攻擊。儘管Testaankoop多次向Linksys提出警告,但該公司並未採取有效措施,直到Testaankoop再次聯絡後才進行了更新,但仍未解決問題。這個問題可能源於Linksys固件中使用的第三方軟體,但無論如何,這種漏洞仍然存在,即使是最新的Linksys 7 Pro,都無法避免。研究人員建議消費者不要購買這些路由器,因為存在嚴重的網路入侵和資料損失的風險。

    🎯 Key Points:

    Testaankoop發現兩款Linksys路由器在明文中將Wi-Fi登入資訊傳送到AWS伺服器,包括Linksys Velop Pro 6E和Velop Pro 7。
    這個漏洞讓攻擊者能夠攔截SSID和密碼,進行竊聽和惡意攻擊。
    Testaankoop多次向Linksys提出警告,但該公司未採取有效措施。
    更新後的固件仍無法解決問題。
    這個問題可能源於Linksys固件中使用的第三方軟體,但無論如何,這種漏洞仍然存在。
    研究人員建議不要購買這些路由器,並建議用戶更改Wi-Fi網路名稱和密碼。

    #Linksys #router #meshnetworking #dataprotection #cybersecurity #vulnerability #AWS #thirdpartysoftware #SSID #password #cleartext #plaintext #man-in-the-middle #attack #firmware #security #wiring #hacking #officeenvironments #Patagonia #AI #privacyviolation #classactionlawsuit #Snowflake #MFA #databreaches

    🔖 Keywords:

    #Linksys #router #meshnetworking #dataprotection #cybersecurity #vulnerability #AWS #thirdpartysoftware #SSID #password #cleartext #plaintext #man-in-the-middle #attack #firmware #security #wiring #hacking #officeenvironments #Patagonia #AI #privacyviolation #classactionlawsuit #Snowflake #MFA #databreaches

  30. Linksys Velop routers send Wi-Fi passwords in plaintext to US servers

    Link
    📌 Summary:

    根據Testaankoop的調查,發現兩款Linksys路由器正在以明文的方式將Wi-Fi登入資訊傳送到位於美國的亞馬遜(AWS)伺服器,包括Linksys Velop Pro 6E和Velop Pro 7這兩款mesh路由器。這個漏洞讓攻擊者能夠攔截傳輸過程中的Wi-Fi網路名稱(SSID)和密碼,從而進行竊聽和惡意攻擊。儘管Testaankoop多次向Linksys提出警告,但該公司並未採取有效措施,直到Testaankoop再次聯絡後才進行了更新,但仍未解決問題。這個問題可能源於Linksys固件中使用的第三方軟體,但無論如何,這種漏洞仍然存在,即使是最新的Linksys 7 Pro,都無法避免。研究人員建議消費者不要購買這些路由器,因為存在嚴重的網路入侵和資料損失的風險。

    🎯 Key Points:

    Testaankoop發現兩款Linksys路由器在明文中將Wi-Fi登入資訊傳送到AWS伺服器,包括Linksys Velop Pro 6E和Velop Pro 7。
    這個漏洞讓攻擊者能夠攔截SSID和密碼,進行竊聽和惡意攻擊。
    Testaankoop多次向Linksys提出警告,但該公司未採取有效措施。
    更新後的固件仍無法解決問題。
    這個問題可能源於Linksys固件中使用的第三方軟體,但無論如何,這種漏洞仍然存在。
    研究人員建議不要購買這些路由器,並建議用戶更改Wi-Fi網路名稱和密碼。

    #Linksys #router #meshnetworking #dataprotection #cybersecurity #vulnerability #AWS #thirdpartysoftware #SSID #password #cleartext #plaintext #man-in-the-middle #attack #firmware #security #wiring #hacking #officeenvironments #Patagonia #AI #privacyviolation #classactionlawsuit #Snowflake #MFA #databreaches

    🔖 Keywords:

    #Linksys #router #meshnetworking #dataprotection #cybersecurity #vulnerability #AWS #thirdpartysoftware #SSID #password #cleartext #plaintext #man-in-the-middle #attack #firmware #security #wiring #hacking #officeenvironments #Patagonia #AI #privacyviolation #classactionlawsuit #Snowflake #MFA #databreaches

  31. Linksys Velop routers send Wi-Fi passwords in plaintext to US servers

    Link
    📌 Summary:

    根據Testaankoop的調查,發現兩款Linksys路由器正在以明文的方式將Wi-Fi登入資訊傳送到位於美國的亞馬遜(AWS)伺服器,包括Linksys Velop Pro 6E和Velop Pro 7這兩款mesh路由器。這個漏洞讓攻擊者能夠攔截傳輸過程中的Wi-Fi網路名稱(SSID)和密碼,從而進行竊聽和惡意攻擊。儘管Testaankoop多次向Linksys提出警告,但該公司並未採取有效措施,直到Testaankoop再次聯絡後才進行了更新,但仍未解決問題。這個問題可能源於Linksys固件中使用的第三方軟體,但無論如何,這種漏洞仍然存在,即使是最新的Linksys 7 Pro,都無法避免。研究人員建議消費者不要購買這些路由器,因為存在嚴重的網路入侵和資料損失的風險。

    🎯 Key Points:

    Testaankoop發現兩款Linksys路由器在明文中將Wi-Fi登入資訊傳送到AWS伺服器,包括Linksys Velop Pro 6E和Velop Pro 7。
    這個漏洞讓攻擊者能夠攔截SSID和密碼,進行竊聽和惡意攻擊。
    Testaankoop多次向Linksys提出警告,但該公司未採取有效措施。
    更新後的固件仍無法解決問題。
    這個問題可能源於Linksys固件中使用的第三方軟體,但無論如何,這種漏洞仍然存在。
    研究人員建議不要購買這些路由器,並建議用戶更改Wi-Fi網路名稱和密碼。

    #Linksys #router #meshnetworking #dataprotection #cybersecurity #vulnerability #AWS #thirdpartysoftware #SSID #password #cleartext #plaintext #man-in-the-middle #attack #firmware #security #wiring #hacking #officeenvironments #Patagonia #AI #privacyviolation #classactionlawsuit #Snowflake #MFA #databreaches

    🔖 Keywords:

    #Linksys #router #meshnetworking #dataprotection #cybersecurity #vulnerability #AWS #thirdpartysoftware #SSID #password #cleartext #plaintext #man-in-the-middle #attack #firmware #security #wiring #hacking #officeenvironments #Patagonia #AI #privacyviolation #classactionlawsuit #Snowflake #MFA #databreaches