Report: Most Popular Home Routers Have ‘Critical’ Flaws

silversurfer

A security review of 127 popular home routers found most contained at least one critical security flaw, according to researchers.

The “Home Router Security Report” (PDF) by Peter Weidenbach and Johannes vom Dorp, both from the German think tank Fraunhofer Institute, found that not only did all of the routers they examined have flaws, many “are affected by hundreds of known vulnerabilities,” the researchers said.

On average, the routers analyzed, by vendors such as D-Link, Netgear, ASUS, Linksys, TP-Link and Zyxel, were affected by 53 critical-rated vulnerabilities (CVE), with even the most “secure” device of the bunch having 21 CVEs, according to the report. Researchers did not list the specific vulnerabilities.

Researchers examined the routers based on several key aspects: device updates, version of operating system and any known critical vulnerabilities affecting them; exploit mitigation techniques by vendors and how often they activate them; the existence of private cryptographic key material in the router’s firmware; and the existence of hard-coded login credentials.

“To sum it up, our analysis shows that there is no router without flaws and there is no vendor who does a perfect job regarding all security aspects,” Weidenbach and vom Dorp wrote. “Much more effort is needed to make home routers as secure as current desktop or server systems.”
 

blackice

Asus is probably the vendor that supports their home routers the longest. Merlin at snbforum pointed out their metrics must be pretty automated or based off of people using unsupported hardware, potentially looking at extremely old or failed products. They say that ASUS updates their routers less often than every 300 days, but they release 2-3 firmware updates a year for all supported models, some of which are more than 5 years old.
 

brigantes

None of them prioritize firmware patches. And after so long they issue no further firmware security updates. This is the practice and it shall never change.
 

woodrowbone

My ASUS RT-AC86U gets updated on a regular basis I think, 1-2 months in between.
They quickly adapted to the new "corona" situation with people working at home, supporting many necessary apps.
AiProtection works well too, despite what some people say about it.

Anyway, I run Untangle in bridge mode behind it, picking up the pieces, if ASUS by chance got overrun.

/W
 
