Popular Routers Are Having Bugs Even When Running in Latest Firmware

Security researchers found hundreds of vulnerabilities in popular routers, which put millions of users at risk of hacks. Most vendors have issued patches for securing these bugs, after being informed.

The routers are tested in their latest firmware condition but still pose simple bugs like outdated Linux version, storing of credentials in plain text format, using default login details from the manufacturer, etc.

Popular Routers With Bugs

Popular Routers Are Having Bugs Even When Running in Latest FirmwareInternet routers being the prime and focal point for accessing network devices should always be secured. Hijacking them could lead the threat actor to control or exploit the connected devices, much easier than anything else. But, they’re left exposed to bugs, even in their latest condition.

As reported by the security researchers at IoT Inspector, a security test ran across popular routers with CHIP Magazine, has revealed over 226 potential vulnerabilities in all of them. This is dreadful because all the routers tested were checked when running in their latest firmware.

These routers belonged to brands like Asus, AVM, D-Link, Netgear, Edimax, TP-Link, Synology, and Linksys, all are used by millions of people, putting all of them at hacking risk. Amongst them, the TP-Link Archer AX6000 and Synology RT-2600ac were leading the pack with 32 and 30 security bugs respectively.

The vulnerabilities resulting from the test in most cases are due to;

  • Outdated Linux kernel in the firmware
  • Over-reliance on older versions of BusyBox
  • Outdated multimedia and VPN functions
  • Presence of hardcoded credentials in plain text form
  • Use of weak default passwords like “admin”.

Most vendors have issued patches for securing these bugs, after being informed by the researchers. Further, general directions are issued to secure the routers, like enabling “automatic updates”, and changing the default password. something that’s strong and unique.

Also, disabling the remote access, UPnP (Universal Plug and Play), and the WPS (WiFi Protected Setup) features when not used actively, can help remote attacks.

LEAVE A REPLY

Please enter your comment!
Please enter your name here