Popular home routers plagued by critical security flaws

Popular home routers plagued by critical security flaws

A study paints a dim picture of router security, as none of the 127 devices tested was free of severe vulnerabilities



A recent study of more than 100 consumer-grade routers from seven, mostly large vendors has found that nearly all tested routers are affected by scores of unpatched and often severe security flaws that leave the devices – and their users – at risk of cyberattacks.


“[T]here is not a single device without known critical vulnerabilities,” says the damning study, called Home Router Security Report 2020. It was conducted by Germany’s Fraunhofer Institute for Communication, Information Processing and Ergonomics (FKIE) and looked at 127 router models from ASUS, AVM, D-Link, Linksys, Netgear, TP-Link and Zyxel.


“Many routers are affected by hundreds of known vulnerabilities. Even if the routers got recent updates, many of these known vulnerabilities were not fixed. What makes matters even worse is that exploit mitigation techniques are used rarely,” said the researchers, who tallied the average length of time since the latest update at 378 days. A total of 46 routers did not receive any security update within the last year.


The routers were found to be affected by 53 critical-rated vulnerabilities on average; even the device that came out top was affected “only” by 21 such CVEs. No specific vulnerabilities were listed, however.


The study also rated some router models higher than the rest, although by no means is this to say that their owners have a reason to rejoice. “AVM does better job than the other vendors regarding most aspects. ASUS and Netgear do a better job in some aspects than D- ..

Support the originator by clicking the read the rest link below.