Hundreds of new vulnerabilities found in SOHO routers

Researchers credited vendors for their swift response to reports of widespread security vulnerabilities but warned users to make sure firmware is updated to avoid attacks.

Users should check their Wi-Fi routers for available firmware updates following the release of a report disclosing some 226 vulnerabilities in the most popular home and small office brands.

A team of researchers from security firm IoT Inspector and German tech magazine CHIP found widespread security vulnerabilities and shortcomings in home office and small office (SOHO) routers from the likes of Netgear, Asus, Synology, D-Link, AVM, TP-Link and Edimax.

"The test negatively exceeded all expectations for secure small business and home routers," said IoT Inspector CTO Florian Lukavsky. "Not all vulnerabilities are equally critical -- but at the time of the test, all devices showed significant security vulnerabilities that could make a hacker's life much easier."

A big part of the problem, according to the researchers, was a lack of up-to-date components. Core components of the routers, such as the Linux kernel, as well as extra services like VPN or multimedia software, were all found to be out of date and subject to exploits for vulnerabilities that have long since been made public.

Additionally, the report found that vendors were using easy-to-guess default passwords on their routers out of the box, something that users will often leave present. The researchers also noted that in some cases the SOHO routers were using unencrypted connections in insecure certificates.

In a previous post that teased the full report, IoT Inspector detailed some of the vulnerabilities it found in D-Link routers, most notably flaws that would allow an attacker to steal firmware encryption keys.

There is, however, some reason for optimism. The researchers noted that when notified of the bugs, all the router vendors mentioned in the report responded quickly and were able to get their fixes out quickly.

Lukavsky told SearchSecurity that Synology was particularly good at getting its fixes out, despite having more vulnerabilities uncovered than any other vendor.

"Synology, however, used this opportunity to not only provide security patches for the device in question, but to their entire product family," Lukavsky explained. "From the vendors we observed during the test timeframe, they probably achieved the biggest security boost."

The response, said Lukavsky, is a good reflection on the strides vendors are making in their handling of external bug reports. Despite being told their products contained dozens of flaws, in this case the vendors took everything in stride and quickly updated their firmware.

"The industry is shifting in this regard," explained Lukavsky.

"With coordinated disclosure becoming industry standard and more and more regulatory frameworks demanding vendors to have security programs in place and means to triage vulnerability advisories received by researchers quickly to provide security patches, we see vendors maturing in this area."

Now, the onus falls on the router owners and administrators themselves to check their firmware and make sure updates are installed and running. While some SOHO router models and services use automatic updates, others will need to be manually given the firmware updates and restarted as necessary.

Dig Deeper on Threats and vulnerabilities