This post has been updated to add comments Linksys made online, which say company researchers couldn't reproduce the information disclosure exploit on routers that installed a patch released in 2014.

More than 20,000 Linksys wireless routers are regularly leaking full historic records of every device that has ever connected to them, including devices' unique identifiers, names, and the operating systems they use. Besides handing out device information, vulnerable routers also leak whether their default administrative passwords have been changed.

In a statement published Tuesday, one day after Mursch's post went live, Linksys representatives wrote:

"Linksys responded to a vulnerability submission from Bad Packets on May 7th, 2019 regarding a potential sensitive information disclosure flaw: CVE-2014-8244 (which was fixed in 2014). We quickly tested the router models flagged by Bad Packets using the latest publicly available firmware (with default settings) and have not been able to reproduce CVE-2014-8244; meaning that it is not possible for a remote attacker to retrieve sensitive information via this technique."