

Consumer Routers Riddled With Unpatched Vulnerabilities - Threatwire

By Shannon Morse, ThreatWire

Shoutout to David on my Patreon for recommending this story. Nine different routers have a total of 226 potential vulnerabilities affecting them, including some that are fully updated to the latest firmware. These include brands like Asus, D-Link, Netgear, TP-Link, Synology, Linksys, AVM, and Edimax. The TP-Link Archer AX6000 has 32 of the flaws, and Synology’s RT-2600AC has 30 flaws. Netgear’s Nighthawk AX12 has 29 issues. The ASUS ROG Rapture has 25. The D-Link box has a vulnerability that allowed the researchers to gain local privileges and get shell access, eventually allowing them to extract the AES encryption key.

The vulnerabilities were discovered by IoT Inspector researchers in partnership with CHIP magazine, and the testing focused on small business and home user routers. In each case, a router was provided by the manufacturer, fully updated, and CHIP and IoT Inspector checked for 5000 CVEs and security flaws. They found many were still vulnerable to attacks, including many attacks considered high risk. The problems behind these vulnerabilities were common ones: the router using an outdated Linux kernel, using weak default passwords like Admin, and having hardcoded credentials in plain text.

In each manufacturer’s case, the brand did respond swiftly by offering fixes via firmware updates. In the case of Synology, the updates should also benefit other connected Synology devices. There are several ways you can protect against potential attacks using these vulnerabilities (or, for that matter, any router vulnerabilities in general). Applying available security updates, enabling auto update, changing default passwords, disabling remote access, and disabling UPnP and WPS are recommended.

Router Security:

https://www.iot-inspector.com/wp-content/uploads/2021/11/Chip-IoT-Inspector-Router-Sicherheit-Test.pdf
https://www.iot-inspector.com/blog/extracting-decryption-keys-dlink/
https://www.bleepingcomputer.com/news/security/nine-wifi-routers-used-by-millions-were-vulnerable-to-226-flaws/
https://www.iot-inspector.com/blog/router-security-check-2021/


