SecurityWeek

Researchers Find 226 Vulnerabilities in Nine Wi-Fi Routers

A total of 226 potential security defects were identified in nine Wi-Fi routers from known manufacturers as part of a study performed by IoT Inspector security researchers and editors with the German IT magazine CHIP.

The TP-Link Archer AX6000 router was the most impacted, with a total of 32 security issues identified. Next in line was Synology RT-2600ac, with 30 bugs, followed by Netgear Nighthawk AX12 with 29 vulnerabilities, and D-Link DIR-X5460 with 26 flaws.

The published analysis also identified 25 security errors in Asus ROG Rapture GT-AX11000, 25 more in Edimax BR-6473AX, 21 in Linksys Velop MR9600, 20 in AVM FritzBox 7530 AX, and 18 in AVM FritzBox 7590 AX. Millions of users are likely affected, the researchers warn.

The vulnerabilities were identified using IoT Inspector’s security platform, which only flags errors such as the presence of outdated software, password hashes, or outdated services on a vulnerable router. False positives were also encountered.

Not all of the identified weaknesses are considered real security flaws, and for some bugs it is unclear whether exploitation is even possible. However, many of the identified vulnerabilities (ranging from 2 in AVM devices to nearly a dozen in other routers) were classified as high- and medium-severity.

Some of the most important issues include the use of an outdated kernel in all of the analyzed firmware versions, the presence of vulnerable services, such as multimedia functions and VPNs, the use of insecure communication protocols and certificates, and the presence of passwords in plaintext.

All of the manufacturers were notified about the findings. Most have already fixed some of the more important bugs and are in the process of addressing the rest, according to an advisory from IoT Inspector.

“Following our test, the affected manufacturers have already patched a lot of security gaps in their devices. But Wi-Fi routers are still not flawless. Manufacturers still have some catching up to do,” CHIP author Jörg Geiger said.

Users are advised to change passwords, ensure devices have automatic updates, and disable unnecessary router functions.

“Changing passwords on first use and enabling the automatic update function must be standard practice on all IoT devices, whether the device is used at home or in a corporate network. The greatest danger, besides vulnerabilities introduced by manufacturers, is using an IoT device according to the motto ‘plug, play and forget’,” IoT Inspector’s CEO Jan Wendenburg said.

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
