It seems this badpackets article may not be accurate.
Security issues still remain... and these have not been addressed in their "SmartWiFi" platform.
is another issue - and yes, that's a problem, as to many, they won't know how to clear it.
There are other issues - for example, one cannot disable Samba, even if no storage is attached, and then there's the well-known issue with Guest Network where WiFi is open, and uses a captive portal approach.
Linksys CloudConnect is the default option, and this requires trust of their upstream platform (and required if one wants to use the smartphone app).
The JNAP/HNAP issue is still a problem, but not just for Linksys, but if one knows the sysinfo.cgi, certain things are still exposed, not just for HNAP, but to get the keys to the whole kingdom - which I pointed out in a round-about way with the Guest Network Captive portal.
Linksys needs to be aware that an attack can come in from the LAN side - BadPackets didn't tell the whole story on their Website.
To Linksys' credit, at least with the WRTs, they do rotate the initial admin password for first installs.
I'm a bit disappointed with Linksys' response - which is basically "cannot duplicate". Someone reported a bug/issue, and they can reproduce it; if Linksys cannot, that means they're not trying hard enough, or just don't understand the entire context of the issue.
Linksys responded to a vulnerability submission from Bad Packets on May 7th, 2019 regarding a potential sensitive information disclosure flaw: CVE-2014-8244 (which was fixed in 2014). We quickly tested the router models flagged by Bad Packets using the latest publicly available firmware (with default settings) and have not been able to reproduce CVE-2014-8244; meaning that it is not possible for a remote attacker to retrieve sensitive information via this technique. JNAP commands are only accessible to users connected to the router’s local network. We believe that the examples provided by Bad Packets are routers that are either using older versions of firmware or have manually disabled their firewalls. Customers are highly encouraged to update their routers to the latest available firmware and check their router security settings to ensure the firewall is enabled.