Nine Popular WiFi Routers Used by Millions Were Affected by 226 Flaws

In a joint investigation, cybersecurity experts at IoT Inspector, in collaboration with CHIP magazine, recently detected 226 potential security flaws affecting nine popular WiFi routers that are used by millions of users around the globe.

Notably, all of these routers were running the latest version of their respective firmware. During the investigation, the analysts focused mainly on models used by small firms and home users.

Many routers are still vulnerable to vulnerabilities that had already been publicly disclosed.

Common problems that affected most of the models

Not all of the 226 flaws discovered by the security researchers carry the same risk, but some common problems affected most of the models the experts tested.

The common problems are:

  • Outdated Linux kernel in the firmware
  • Outdated multimedia and VPN functions
  • Over-reliance on older versions of BusyBox
  • Use of weak default passwords like “admin”
  • Presence of hardcoded credentials in plain text form

Brands of affected routers

The routers that were analyzed and found to be vulnerable come from well-known brands:

  • Asus
  • AVM
  • D-Link
  • Netgear
  • Edimax
  • TP-Link
  • Synology
  • Linksys

Among these, the list is headed by the TP-Link Archer AX6000 with 32 security flaws, followed by the Synology RT-2600ac with 30 security flaws.

The researchers published technical details only for their finding on D-Link routers, which concerns the extraction of an encryption key; they did not share technical details about the other findings.

Manufacturers who acknowledged promptly

All the manufacturers responded to the researchers’ findings and released the necessary firmware patches. Among them, those that responded promptly are:

  • Asus
  • D-Link
  • Netgear
  • Edimax
  • TP-Link
  • Synology
  • Linksys

The only brand not on this list is AVM, though that does not mean AVM hasn’t released a patch. It implies only that AVM responded later than the other brands.

As a precaution, the security researchers recommend that users take the following steps:

  • Immediately apply the available security updates.
  • Always enable “automatic updates.”
  • Frequently change your password.
  • Replace the default password with one that is unique and strong.
  • Disable remote access.
  • Disable UPnP (Universal Plug and Play).
  • Disable the WPS (WiFi Protected Setup) functions.

Following the above recommendations helps mitigate further attacks and keeps you secure.

Balaji N

BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.
