Linksys VELOP Routers Expose WiFi Credentials in Plain Text: Millions at Risk of Cyber Attacks

In a worrying turn of events, researchers at Security Research Labs have uncovered a serious vulnerability in certain Linksys VELOP routers that broadcasts WiFi credentials in plain text

In a shocking revelation, researchers at the Security Research Labs have discovered that certain Linksys VELOP routers are broadcasting WiFi credentials in plain text. The unencrypted data transmission could leave millions of users vulnerable to cyber attacks and data breaches.

According to a report published on Hackaday, an unauthenticated attacker with access to the router's network can intercept these packets and obtain the WiFi password, potentially gaining entry to unsuspecting victims' networks. This vulnerability affects all models of Linksys VELOP routers running firmware version 2.0.35 or earlier.

The research team discovered the issue while investigating a separate security flaw in the Linksys Smart WiFi app, which also exposes the router's credentials in plain text. The combined vulnerabilities could potentially enable an attacker to gain unauthorized access to both the victim's home network and their connected devices.

Linksys acknowledged the issue and advised users to update their routers to the latest firmware (2.0.4) as soon as possible. The company also recommended changing their WiFi passwords and enabling WPA3 encryption for added security.