silversurfer

Level 61
Verified
Trusted
Content Creator
Malware Hunter
A security review of 127 popular home routers found most contained at least one critical security flaw, according to researchers.

The “Home Router Security Report” (PDF) by Peter Weidenbach and Johannes vom Dorp—both from the German think tank Fraunhofer Institute–found that not only did all of the routers they examined have flaws, many “are affected by hundreds of known vulnerabilities,” the researchers said.

On average, the routers analyzed–—by vendors such as D-Link, Netgear, ASUS, Linksys, TP-Link and Zyxel—were affected by 53 critical-rated vulnerabilities (CVE), with even the most “secure” device of the bunch having 21 CVEs, according to the report. Researchers did not list the specific vulnerabilities.
Researchers examined the routers based on several key aspects: device updates, version of operating system and any known critical vulnerabilities affecting them; exploit mitigation techniques by vendors and how often they activate them; the existence of private cryptographic key material in the router’s firmware; and the existence of hard-coded login credentials.

“To sum it up, our analysis shows that there is no router without flaws and there is no vendor who does a perfect job regarding all security aspects,” Weidenbach and vom Dorp wrote. “Much more effort is needed to make home routers as secure as current desktop or server systems.”
 

blackice

Level 27
Verified
Asus is probably the vendor that supports their home routers the longest. Merlin at snbforum pointed out their metrics must be pretty automated or based off of people using unsupported hardware, potentially looking at extremely old or failed products. They say that ASUS updates their routers less often than every 300 days, but they release 2-3 firmware updates a year for all supported models. Some of which are more than 5 years old.
 
Last edited:

brigantes

Level 1
None of them prioritize firmware patches. And after so long they issue no further firmware security updates. This is the practice and it shall never change.
 

woodrowbone

Level 10
Verified
My ASUS RT-AC86U gets updated on a regular basis I think, 1-2 months in between.
They quickly adapted to the new "corona" situation with people working at home, supporting many necessary apps.
AiProtection works well to, despite what some people say about it.

Anyway, I run Untangle in bridge mode behind it, picking up the pieces, if ASUS by chance got overrun.

/W
 
Top