Most Home Routers Have Critical Flaws

Walden Systems Geeks Corner News Most Home Routers Have Critical Flaws Rutherford NJ New Jersey NYC New York City North Bergen County
Rita gives you full control of what sites your employees visit. Rita can block sites that eat up your precious bandwidth such as media streaming sites. Rita enables you full control of what sites your employees can and cannot visit. Rita gives you the ability to block undesirable sites by wildcard or by name. Rita gives you the ability to determine which computers will be blocked and which will be allowed. With Rita, you can block access to sensitive servers within your LAN.

A review of 127 popular home routers found most contained at least one critical security flaw, according to researchers. The report by Peter Weidenbach and Johannes vom Dorp found that not only did all of the routers they examined have flaws, many are affected by hundreds of known vulnerabilities. The routers analyzed by vendors such as D-Link, Netgear, ASUS, Linksys, TP-Link and Zyxel, had on average, 53 critical vulnerabilities. The most secure device has 21 critical vulnerabilities, according to the report.

Researchers examined the routers based device updates, version of operating system and any known critical vulnerabilities affecting them. They also examined exploit mitigation techniques by vendors and how often they are activated. They also checked for the the existence of private cryptographic key material in the router's firmware and checked if there were hard-coded login credentials. The analysis shows that there are no routers without flaws and there is no vendor who does a perfect job regarding all security aspects.


While people make common mistakes when configuring home routers, they are not the primary reasons for the lack of security found among the devices. The shows that device vendors, despite knowing the security risks, are still doing a poor job to secure their routers even before users take them out of the box. Researchers checked the router's most recent firmware versions in five security related areas. Of the 127, they managed to extract 117 completely, finding that 116, or 91 percent, were running Linux.

While Linux can be a very secure OS, researchers found that many of the routers were powered by very old versions of Linux that lack support and are riddled with issues. Most devices are still powered with a 2.6 Linux kernel, which hasn't been maintained for many years. This leads to a high number of critical and high-severity CVEs affecting these devices.

Another problem affecting the security of routers was that the device firmware is not updated as often as it should be. However, even updates to the router's firmware didn't fix the problems in many cases. Adding to the problems, vendors rarely used common exploit mitigation techniques that make a home device more secure, using passwords that can easily be cracked by hackers or even well known passwords that users cant change. Having hard coded credentials is an especially vulnerable situation as seen by the Mirai botnet, which used hard-coded telnet credentials to infect millions of embedded devices.

Some vendors seem to prioritize security a bit more than others, according to the report. AVM International was the best in terms of all the security aspects researchers examined, although the company's routers still contained. ASUS and Netgear also prioritized device security more than some of the other vendors. Both update their routers more frequently than their rival companies, and use more current, supported versions of the Linux kernel for their firmware. Those from D-Link, Linksys, TP-Link and Zyxel did the worst in terms of how well common security were addressed out of the box.