Categories: CVE/vulnerability

Popular Home Routers Affected With Multiple Critical Security Flaws

According to a new report, 127 home routers developed by seven different large vendors affected with multiple critical security flaws.

The examination was done by researchers on several aspects such as firmware updates, operating systems, known critical vulnerabilities, and Cryptographic functions.

The study says there is no single router without known critical vulnerabilities, the research conducted by Germany’s Fraunhofer Institute for Communication, Information Processing and Ergonomics (FKIE) and looked at 127 router models from ASUS, AVM, D-Link, Linksys, Netgear, TP-Link, and Zyxel.

Home Routers Affected

More than 90% of the router running Linux OS, one-third of the routers running with an older version of Linux kernel version(2.6.36) updated in 2011.

The routers found to be affected with 53 critical-rated vulnerabilities, the worst-case regarding high severity CVEs is the Linksys WRT54GL powered by the oldest kernel.

“AVM does a better job than the other vendors regarding most aspects. ASUS and Netgear do a better job in some aspects than D-Link, Linksys, TP-Link, and Zyxel,” said the researchers.

For the analysis researchers used FKIE’s Firmware Analysis and Comparison Tool (FACT) to examine the device’s firmware. Full list of affected routers found on GitHub.

The study shows that routers not getting a security update within one year, the worst case is that some devices were not updated since 1969 days.

Routers are exposed to the internet 24 hours a day leading to an even higher risk of malware infection and also attackers can launch various attacks to bypass router’s security.

There is not a single device without known critical vulnerabilities. Huawei is not part of the evaluation at all since they do not provide any firmware on their website, researchers said.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity and hacking news updates.

Also Read

Unpatched zero-day Flaw in 79 Netgear Routers Allows Hacker to take Full Control of the Device

6 New Vulnerabilities with D-Link Home Routers Let Hackers to Launch Remote Attacks

Gurubaran

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Recent Posts

Microsoft Patch Tuesday May 2025 Released With the Fixes for 72 Flaws With 5 Actively Exploited 0-Day

Microsoft has released its May 2025 Patch Tuesday updates, addressing 72 security vulnerabilities across its…

8 hours ago

Ivanti Released Security Updates to Fix for the Mutiple RCE Vulnerabilities – Patch Now

Ivanti, a leading enterprise software provider, has released critical security updates addressing vulnerabilities across several…

9 hours ago

Fortinet FortiVoice Zero-day Vulnerability Actively Exploited in The Wild

A critical stack-based buffer overflow vulnerability (CWE-121) has been discovered in multiple Fortinet products, including…

9 hours ago

Ransomware Attacks Surge by 123% Amid Evolving Tactics and Strategies

The 2025 Third-Party Breach Report from Black Kite highlights a staggering 123% surge in ransomware…

10 hours ago

Researchers Introduce Mythic Framework Agent to Enhance Pentesting Tool Performance

Penetration testing is still essential for upholding strong security procedures in a time when cybersecurity…

10 hours ago

Swan Vector APT Targets Organizations with Malicious LNK and DLL Implants

A newly identified advanced persistent threat (APT) campaign, dubbed "Swan Vector" by Seqrite Labs, has…

10 hours ago