Enterprises Exposed to Hacker Attacks Due to Failure to Wipe Discarded Routers

Discarded enterprise routers are often not wiped and contain secrets that could be highly useful to malicious hackers.

Discarded enterprise routers are often not wiped properly and store secrets that could be highly useful to malicious hackers, according to an analysis conducted by cybersecurity firm ESET.

The company acquired 18 secondhand enterprise routers made by Cisco, Fortinet and Juniper Networks and found that nine devices, including core routers, contained complete configuration data. Only five devices had been properly wiped.  

In the case of the nine routers, ESET was able to determine with high confidence — based on the data still present on the devices — who their previous owner was. The list included a multinational tech company and a telecoms firm, both with more than 10,000 employees and over $1 billion in revenue. 

The easily accessible and sensitive corporate information found on these routers also included IPsec or VPN credentials or hashed root passwords, customer information, data allowing third-party connections to the network, credentials for connecting to other networks, router-to-router authentication keys, and connection details for specific applications. 

ESET warned that much of the exposed information could be very useful to threat actors planning an attack against the device’s original owner.

The type of network information found on the routers is often only available to a limited number of individuals within an organization. The devices also stored information for accessing cloud applications, as well as firewall rules.

“With this level of detail, impersonating network or internal hosts would be far simpler for an attacker, especially since the devices often contain VPN credentials or other easily cracked authentication tokens,” ESET explained.

Another important piece of information exposed by the routers was related to the organization’s security. The security configuration of a device can allow a threat actor to infer the victim’s overall security level.

“We also noted, significantly, that multiple devices were acquired following decommissioning from managed IT providers who operate networks for much larger organizations, so often the affected organizations would have no idea that they may now be vulnerable to attacks due to data leaks by some third party,” ESET said.

“This seemed like a massive security attack surface that was potentially wide open to a whole host of target organizations. Two such IT companies (an MSSP in one case) managed networks for hundreds of clients in a variety of sectors including education, finance, healthcare, manufacturing, and professional services, among others,” it added.

The cybersecurity firm attempted to contact the previous owners of the tested routers to warn them about the potential risk. Three organizations completely ignored ESET. 

Interestingly, a representative of one of the impacted organizations said they had contracted a specialized disposal service and were ‘shocked’ to learn about the findings.

ESET’s full report contains recommendations for securely disposing of routers, pointing out that in most cases it’s easy to wipe a device using functionality provided by the manufacturer. 

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
