Millions of Wi-Fi routers at risk as hundreds of security vulnerabilities discovered

“The test negatively exceeded all expectations for secure small business and home routers,” said IoT Inspector CTO Florian Lukavsky. “Not all vulnerabilities are equally critical — but at the time of the test, all devices showed significant security vulnerabilities that could make a hacker’s life much easier,” Lukavsky added.

The major cause of the issue is expected to be a lack of newer components. Older versions of core components including the Linux kernel along with other out of date services were likely the targets that were exploited by attackers.

The report also mentions that vendors were using simple default passwords on routers that made them easy to guess. Some users are known to use routers with their default credentials, which make them really easy targets for attackers.

Researchers also noted that in some cases, SOHO routers were also using unencrypted connections in insecure certificates. Over-reliance on older versions of BusyBox, the use of weak default passwords like “admin” and the presence of hard-coded credentials in plain text form were also responsible.

Fixes released

As soon as the router vulnerabilities were reported to companies, all vendors responded quickly by releasing a fix for affected models. These include Asus, D-Link, Edimax, Linksys, Netgear, Synology and TP-Link.

Users should update the firmware of their WiFi routers as soon as possible to apply the latest fixes and stay clear of any potential attacks.