Popular devices from ASUS, D-Link, Linksys, Netgear, TP-Link and other router vendors contain serious security vulnerabilities.
A thorough security analysis of 127 popular routers from Peter Weidenbach and Johannes vom Drop had found that most of these devices revealed at least one critical security flaw.
The report is from Germany, and is titled, “Home Router Security Report”. The bulk of the vulnerabilities seems to be found with the underlying operating system powering these devices, with 91% of the systems powered by Linux. While Linux can be a powerful and secure Operating System, the version that was running appeared to be an older version that had been outdated.
“Most devices are still powered with a 2.6 Linux kernel, which is no longer maintained for many years,” researchers stated in the paper. “This leads to a high number of critical and high-severity CVEs affecting these devices.”
They concluded that “[Their] analysis showed that Linux is the most used OS running on more than 90% of the devices.
However, many routers are powered by very old versions of Linux. Most devices are still powered
with a 2.6 Linux kernel, which is no longer maintained for many years. This leads to a high
number of critical and high severity CVEs affecting these devices.
Since Linux is the most used OS, exploit mitigation techniques could be enabled very easily…
…AVM does better job than the other vendors regarding most aspects.
ASUS and Netgear do a better job in some aspects than D-Link, Linksys, TP-Link and Zyxel.
Additionally, our evaluation showed that large scale automated security analysis of embedded
devices is possible today utilizing just open source software. To sum it up, our analysis shows
that there is no router without flaws and there is no vendor who does a perfect job regarding all
security aspects. Much more effort is needed to make home routers as secure as current desktop
or server systems.”