The Linksys Velop Pro 6E and 7 mesh routers have been found to transmit critical information, including passwords and wireless network IDs, without encryption. This leaves the information vulnerable to interception and potential attacks. Owners of these routers are advised to change their SSID and password through an external web browser, rather than the Linksys app, to prevent unencrypted transmission. It is important to keep router firmware up-to-date, although it is unclear if the latest patches address this specific issue. Testaankoop, a consumer organization, reported the vulnerability to Linksys but has not received a response. The exact cause of the issue is unknown, but it is suspected that pre-installed third-party software may be responsible.
| Signal | Change | 10y horizon | Driving force |
|---|---|---|---|
| Linksys routers transmit passwords | Insecure transmission to encrypted transmission | Routers transmit encrypted passwords | Increased security measures |
| Users should change passwords externally | Changing passwords within an app to a browser | Changing passwords in apps may become obsolete | Concerns over security vulnerabilities |
| Linksys firmware updates unclear | Clear communication and addressing of vulnerabilities | Firmware updates address security vulnerabilities | Increased accountability and transparency |
| Linksys hasn’t responded to the issue | Improved responsiveness and communication from Linksys | Companies promptly address security vulnerabilities | Increased customer expectations |