Comcast patched a bug Monday that under certain conditions leaked customer SSID names and passwords of Xfinity routers. The flaw was accessible via the Comcast website used by customers to activate and manage their Xfinity router. The bug did not affect Comcast customers that used their own private routers.
Researchers Karan Saini and Ryan Stevenson discovered the bug on Monday. Saini told Threatpost after notifying the media of his discovery, Comcast was alerted of the glitch and the bug was quickly patched.
The prerequisite for the website vulnerability was that the researchers needed to have an Xfinity customer’s account number and just the street number (but not the name of the street) of the billing address used at the location of the customer leasing the Xfinity router from Comcast.