Tuesday, December 5, 2023

Popular Home Routers Affected With Multiple Critical Security Flaws

According to a new report, 127 home routers developed by seven different large vendors are affected by multiple critical security flaws.

The researchers examined several aspects, such as firmware updates, operating systems, known critical vulnerabilities, and cryptographic functions.

The study says there is no single router without known critical vulnerabilities. The research was conducted by Germany’s Fraunhofer Institute for Communication, Information Processing and Ergonomics (FKIE) and looked at 127 router models from ASUS, AVM, D-Link, Linksys, Netgear, TP-Link, and Zyxel.

Home Routers Affected

More than 90% of the routers run Linux, and one-third of the routers run an older version of the Linux kernel (2.6.36), updated in 2011.

The routers were found to be affected by 53 critical-rated vulnerabilities; the worst case regarding high-severity CVEs is the Linksys WRT54GL, which is powered by the oldest kernel.

“AVM does a better job than the other vendors regarding most aspects. ASUS and Netgear do a better job in some aspects than D-Link, Linksys, TP-Link, and Zyxel,” said the researchers.

For the analysis, the researchers used FKIE’s Firmware Analysis and Comparison Tool (FACT) to examine the devices’ firmware. The full list of affected routers can be found on GitHub.

The study shows that there are routers that did not get a security update within one year; in the worst case, some devices had not been updated for 1969 days.

Routers are exposed to the internet 24 hours a day, leading to an even higher risk of malware infection, and attackers can launch various attacks to bypass a router’s security.

There is not a single device without known critical vulnerabilities. Huawei is not part of the evaluation at all since they do not provide any firmware on their website, researchers said.
