Nine Popular WiFi Routers Used by Millions Were Affected by 226 Flaws

In an investigation, cybersecurity experts at IoT Inspector in collaboration with CHIP magazine have recently detected 226 potential security flaws that are affecting nine popular WiFi routers which were used by millions of users around the globe.

The most interesting thing about these popular WiFi routers is they all are running the latest version of their respective firmware. While during this investigation the analysts focused mainly on the models that are used by the small firms and home users.

There are many routers that are still vulnerable to the vulnerabilities that were publicly disclosed, and here they are:-

Common problems that affected most of the models

Apart from this, all the 226 flaws that were discovered recently by the security researchers don’t carry the same risk factor, since there are some common problems that have affected most of the models that were already tested by the experts.

Here below we have mentioned all the common problems:-

• Outdated Linux kernel in the firmware
• Outdated multimedia and VPN functions
• Over-reliance on older versions of BusyBox
• Use of weak default passwords like “admin”
• Presence of hardcoded credentials in plain text form

Brands of affected routers

The routers that were analyzed and found to be vulnerable are from well-renowned brands like:-

• Asus
• AVM
• D-Link
• Netgear
• Edimax
• TP-Link
• Synology
• Linksys

Here among other brands, the list is headed by the TP-Link Archer AX6000 with 32 security flaws, and behind TP-Link comes the Synology RT-2600ac with 30 security flaws.

In the case of D-Link routers, they have published technical details about their findings, due to the extraction of the encryption key concern; but, they didn’t share any technical details regarding others.

Manufacturers who acknowledged promptly

All the manufacturers released all the necessary firmware patches, and also responded to the researchers’ findings. But, among them, the ones who responded promptly are:-

• Asus
• D-Link
• Netgear
• Edimax
• TP-Link
• Synology
• Linksys

There is only one brand that is not on this list is “AVM,” though it doesn’t mean that AVM hasn’t released any patch. What it implies is that AVM responded later, as compared to all these brands.

Recommendations

For precautionary measures, the security researchers have recommended users to follow the recommendations that we have mentioned below:-

• Immediately apply the available security updates.
• Always enable “automatic updates.”
• Frequently change your password.
• Change your default password with the one that is unique and strong.
• Disable remote access.
• Disable UPnP (Universal Plug and Play).
• Disable the WPS (WiFi Protected Setup) functions.

To mitigate any further attacks, and keep yourself secure you have to follow the above-mentioned recommendations.

You can follow us on Linkedin, Twitter, Facebook for daily Cyber security and hacking news updates.