Multiple Cisco Linksys Routers contain a flaw that may lead to an unauthorized information disclosure. The issue is triggered by the Cloud Connect service, which causes the router to send potentially sensitive information to the vendor (Cisco). There is currently no way to opt out of this feature. This could disclose network history, applications in use, and other potentially sensitive information to a remote attacker that has access to network traffic between the router and Cisco. In addition, the information sent to Cisco may be used in a manner that violates privacy, such as targeted advertising or sharing information with the courts or law enforcement.

OSVDB is not aware of a solution for this vulnerability.

• Generic Informational URL: http://home.cisco.com/en-us/cloud
  http://homecommunity.cisco.com/t5/Wireless-Routers/EA4500-weird-login-screen-can-t-login/td-p/535846
• News Article: http://tech.slashdot.org/story/12/06/29/1425210/cisco-pushing-cloud-connect-router-firmware-allows-web-history-tracking
  http://tech.slashdot.org/story/12/06/29/1425210/cisco-pushing-cloud-connect-router-firmware-allows-web-history-tracking
• Other Advisory URL: http://www.reddit.com/r/technology/comments/vptu9/linksys_just_pushed_and_installed_without_my

• Not Available

NVD does not currently have a CVSSv2 score assigned.