For many owners, the arrival of the home router represented a significant leap in security. Before routers, most PC users depended solely on a software firewall or, more often than not, operated no firewall at all.
Routers with built-in firewalls have typically proved beneficial. However, a router that provides safety can also give consumers a false sense of security, leaving them open to attacks that they believe are impossible.
According to a new report, millions of Wi-Fi routers from several famous manufacturers may be vulnerable because of 226 newly discovered security flaws. A team of security experts from IoT Inspector and CHIP magazine made the discovery.
The newly found security issues affect several Wi-Fi routers from brands including Netgear, Asus, Synology, D-Link, AVM, TP-Link, and Edimax.
The TP-Link Archer AX6000 router is the most vulnerable, with experts discovering 32 faults, followed by the Synology RT-2600ac with 30 defects and the Netgear Nighthawk AX12 with 29 flaws.
Netgear Nighthawk AX12, Asus ROG Rapture GT-AX11000, Edimax BR-6473AX, Linksys Velop MR9600, AVM FritzBox 7530 AX, and AVM FritzBox 7590 AX were also determined to have dozens of vulnerabilities.
Several other vulnerabilities are caused by code errors in Wi-Fi products and impact all Wi-Fi devices, according to Belgian security researcher Mathy Vanhoef.
Outdated components are likely to be the primary source of the problem. Older versions of fundamental parts, like the Linux kernel, were viable targets for attackers, as were other outdated services.
“Some of the security vulnerabilities were discovered many times. Frequently, an out-of-date operating system such as the Linux kernel is used. No manufacturer was up to date in this area due to the high expense of integrating a new kernel into the firmware. The device software is frequently discovered to be obsolete, as it depends too heavily on standard tools such as BusyBox,” reads the advisory published by the experts.
“Aside from routing, additional services provided by the devices, such as multimedia functionality or VPN, are also becoming obsolete. In reality, many manufacturers utilize default passwords such as ‘admin,’ which may often be seen in plain text.”
Researchers noted that not all of the problems they discovered are exploitable, and they also found false positives. The specialists shared their results with the makers, and most problems have already been addressed.
“The test for secure small business and household routers well exceeded all expectations. At the time of the test, all devices indicated serious security weaknesses that might make a hacker’s job considerably simpler,” says Florian Lukavsky, CTO of IoT Inspector.
As soon as organizations were notified of router vulnerabilities, all suppliers swiftly responded by issuing a remedy for the affected models.
Asus, D-Link, Edimax, Linksys, Netgear, Synology, and TP-Link are among them.
Users should upgrade the firmware of their Wi-Fi router as soon as possible to apply the most recent updates and avoid any potential attacks.