{"id":375510,"date":"2021-12-02T21:06:56","date_gmt":"2021-12-02T18:06:56","guid":{"rendered":"https:\/\/en.buradabiliyorum.com\/these-popular-wi-fi-routers-are-security-nightmares-review-geek\/"},"modified":"2021-12-02T21:06:56","modified_gmt":"2021-12-02T18:06:56","slug":"these-popular-wi-fi-routers-are-security-nightmares-review-geek","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/these-popular-wi-fi-routers-are-security-nightmares-review-geek\/","title":{"rendered":"#These Popular Wi-Fi Routers Are Security Nightmares \u2013 Review Geek"},"content":{"rendered":"<p><strong>&#8220;#These Popular Wi-Fi Routers Are Security Nightmares \u2013 Review Geek&#8221;<\/strong><\/p>\n<div id=\"article-content-area\">\n<figure style=\"width: 1920px\" class=\"wp-caption alignnone\"><img loading=\"lazy\" decoding=\"async\" class=\"type:primaryImage size-full wp-image-104553\" data-pagespeed-lazy-srcset=\"https:\/\/www.reviewgeek.com\/p\/uploads\/2021\/12\/cac4fc2a.png?width=400 400w, https:\/\/www.reviewgeek.com\/p\/uploads\/2021\/12\/cac4fc2a.png?width=1200 1200w\" sizes=\"auto, 400w, 1200w\" data-pagespeed-lazy-src=\"https:\/\/www.reviewgeek.com\/p\/uploads\/2021\/12\/cac4fc2a.png?width=1200\" alt=\"Someone plugging an Ethernet cable into the back of a Wi-Fi router.\" width=\"1920\" height=\"1080\" src=\"\/pagespeed_static\/1.JiBnMqyl6S.gif\" onload=\"pagespeed.lazyLoadImages.loadIfVisibleAndMaybeBeacon(this);\" onerror=\"this.onerror=null;pagespeed.lazyLoadImages.loadIfVisibleAndMaybeBeacon(this);\"\/><figcaption class=\"wp-caption-text\"><span class=\"type:primaryImage imagecredit\"><a rel=\"nofollow noopener\" target=\"_blank\" 
href=\"https:\/\/www.shutterstock.com\/image-photo\/man-plugs-ethernet-cable-into-router-761147872\">Proxima Studio\/Shutterstock<\/a><\/span><\/figcaption><\/figure>\n<p>Security researchers from <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.iot-inspector.com\/blog\/router-security-check-2021\/\">IoT Inspector<\/a> teamed up with CHIP Magazine to test nine of the most popular home Wi-Fi routers for exploits and vulnerabilities. The <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.iot-inspector.com\/wp-content\/uploads\/2021\/11\/Chip-IoT-Inspector-Router-Sicherheit-Test.pdf\">results are stunning<\/a>\u2014not only are these routers poorly secured, but they suffer from vulnerabilities that security researchers first identified months or years ago.<\/p>\n<p>The routers tested by IoT Inspector and CHIP come from ASUS, AVM, D-Link, Edimax, Linksys, Netgear, Synology, and TP-Link. They all ran the latest version of their manufacturer\u2019s firmware, and there\u2019s a good chance that the vulnerabilities found in these routers exist in other models from the same brands.<\/p>\n<p>Here are IoT Inspector and CHIP Magazine\u2019s detailed findings, including some good <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/news\/\" data-internallinksmanager029f6b8e52c=\"2\" title=\"News\" target=\"_blank\" rel=\"noopener\">news<\/a> that proves the importance of this sort of research.<\/p>\n<h2 role=\"heading\" aria-level=\"2\"><span class=\"ez-toc-section\" id=\"IoT_Inspector_and_CHIP_Magazines_Findings\"><\/span><a rel=\"nofollow noopener\" target=\"_blank\" name=\"autotoc_anchor_0\">IoT Inspector and CHIP Magazine\u2019s Findings<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<figure style=\"width: 1920px\" class=\"wp-caption alignnone\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-104552 size-full\" data-pagespeed-lazy-src=\"https:\/\/www.reviewgeek.com\/p\/uploads\/2021\/12\/eac90027.png\" alt=\"A graph showing 
the number of vulnerabilities found in each router tested by IOT Inspector and CHIP.\" width=\"1920\" height=\"818\" data-crediturl=\"https:\/\/www.iot-inspector.com\/wp-content\/uploads\/2021\/11\/Chip-IoT-Inspector-Router-Sicherheit-Test.pdf\" data-credittext=\"IoT Inspector, CHIP\" src=\"\/pagespeed_static\/1.JiBnMqyl6S.gif\" onload=\"pagespeed.lazyLoadImages.loadIfVisibleAndMaybeBeacon(this);\" onerror=\"this.onerror=null;pagespeed.lazyLoadImages.loadIfVisibleAndMaybeBeacon(this);\"\/><figcaption class=\"wp-caption-text\">Portions on the left side of this graph were translated from German. <span class=\"imagecredit\"><a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.iot-inspector.com\/wp-content\/uploads\/2021\/11\/Chip-IoT-Inspector-Router-Sicherheit-Test.pdf\">IoT Inspector, CHIP<\/a><\/span><\/figcaption><\/figure>\n<p>Before we get into all the terrible flaws in these popular routers, I need to take a moment and explain how IoT Inspector ran these tests. See, IoT Inspector is a software company that sells an automated security-analysis tool for routers and other connected devices.<\/p>\n<p>IoT Inspector ran each router\u2019s firmware through this automated tool to test for over 5,000 CVEs and other security problems. 
Here\u2019s what it found:<\/p>\n<ul>\n<li>The nine routers suffer from a total of 226 flaws.<\/li>\n<li>TP-Link\u2019s Archer AX6000 is the biggest offender, suffering from 32 security bugs.<\/li>\n<li>Synology\u2019s RT-2600ac is a close second, sporting 30 security flaws.<\/li>\n<li>The majority of identified security flaws are \u201chigh\u201d or \u201cmedium\u201d risk.<\/li>\n<li>Every tested router suffers from a known vulnerability that was left unpatched.<\/li>\n<\/ul>\n<p>While the researchers didn\u2019t share much detailed information for these security flaws and bugs, they <em>did<\/em> publish <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.iot-inspector.com\/blog\/extracting-decryption-keys-dlink\/\">a critical vulnerability<\/a> found in D-Link\u2019s DIR-X460 router. Here\u2019s the short of it\u2014IoT Inspector found a way to send malicious firmware updates to D-Link\u2019s DIR-X460 by extracting its encryption key.<\/p>\n<p>Additionally, IoT Inspector and CHIP published some of the most common flaws found in these nine routers:<\/p>\n<ul>\n<li>Weak default passwords, such as \u201cadmin.\u201d<\/li>\n<li>Hardcoded credentials in plain text\u2014you know, unencrypted data.<\/li>\n<li>Outdated Linux kernel in router firmware.<\/li>\n<li>Outdated multimedia and VPN functionality, which could be exploited.<\/li>\n<li>Use of old versions of BusyBox.<\/li>\n<\/ul>\n<p>Bear in mind that <em>anyone<\/em> could run these tests, including the routers\u2019 manufacturers. 
Clearly, the nine brands tested here aren\u2019t taking the time to properly secure their products.<\/p>\n<h2 role=\"heading\" aria-level=\"2\"><span class=\"ez-toc-section\" id=\"The_Good_News_Manufactures_Are_Addressing_the_Problems\"><\/span><a rel=\"nofollow noopener\" target=\"_blank\" name=\"autotoc_anchor_1\">The Good News: Manufacturers Are Addressing the Problems<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<figure style=\"width: 1920px\" class=\"wp-caption alignnone\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-102002\" data-pagespeed-lazy-src=\"https:\/\/www.reviewgeek.com\/p\/uploads\/2021\/10\/9e0d1c01.jpg\" alt=\"\" width=\"1920\" height=\"1080\" src=\"\/pagespeed_static\/1.JiBnMqyl6S.gif\" onload=\"pagespeed.lazyLoadImages.loadIfVisibleAndMaybeBeacon(this);\" onerror=\"this.onerror=null;pagespeed.lazyLoadImages.loadIfVisibleAndMaybeBeacon(this);\"\/><figcaption class=\"wp-caption-text\"><span class=\"imagecredit\">Sarah Chaney<\/span><\/figcaption><\/figure>\n<p>According to CHIP Magazine, each of the nine router manufacturers responded to these tests and issued firmware updates to address the vulnerabilities in their products. Most of these fixes are for \u201clow risk\u201d vulnerabilities, but it\u2019s a good start.<\/p>\n<p>Here are the actions taken by each manufacturer following this investigation. Note that these bullet points are translated from <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.iot-inspector.com\/wp-content\/uploads\/2021\/11\/Chip-IoT-Inspector-Router-Sicherheit-Test.pdf\">CHIP\u2019s report<\/a>, which is in German.<\/p>\n<ul>\n<li><strong>ASUS<\/strong>: ASUS examined our findings and presented us with a detailed answer. ASUS patched the outdated BusyBox, and there are now updates for \u201ccurl\u201d and the webserver. The password problems we warned about were temp files that the process removes when it is terminated. 
They are not a risk.<\/li>\n<li><strong>D-Link<\/strong>: D-Link thanked us for the tip and published a firmware update to fix the problems mentioned.<\/li>\n<li><strong>Edimax<\/strong>: Edimax didn\u2019t put too much effort into checking these problems but published an update to fix some issues.<\/li>\n<li><strong>Linksys<\/strong>: Linksys will address all issues categorized as \u201chigh\u201d and \u201cmedium.\u201d It will avoid default passwords in the future, and has issued a firmware update for any remaining problems.<\/li>\n<li><strong>Netgear<\/strong>: The crew at Netgear worked hard and examined all the problems. Netgear believes some of its \u201chigh risk\u201d vulnerabilities are not a big deal. It has pushed an update for DNSmasq and iPerf, though other problems should be addressed first.<\/li>\n<li><strong>Synology<\/strong>: Synology is addressing the issues we found with an update to the Linux kernel. BusyBox and PHP will be updated, and Synology will clean up its certificates. Funny enough, all Synology devices benefit from this update.<\/li>\n<li><strong>TP-Link<\/strong>: Updating BusyBox, CURL, and DNSmasq eliminated many of TP-Link\u2019s problems. It still needs a new kernel, but TP-Link has over 50 fixes planned for its firmware.<\/li>\n<\/ul>\n<p>Just to be clear, IoT Inspector hasn\u2019t checked if these patches work or not. 
And even if they\u00a0<em>do<\/em> work, these routers are still vulnerable to known (and likely unknown) exploits.<\/p>\n<h2 role=\"heading\" aria-level=\"2\"><span class=\"ez-toc-section\" id=\"What_Should_You_Do\"><\/span><a rel=\"nofollow noopener\" target=\"_blank\" name=\"autotoc_anchor_2\">What Should You Do?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<figure style=\"width: 1920px\" class=\"wp-caption alignnone\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-104566\" data-pagespeed-lazy-src=\"https:\/\/www.reviewgeek.com\/p\/uploads\/2021\/12\/8380dbac.png\" alt=\"A Wi-Fi router in the dark.\" width=\"1920\" height=\"1080\" src=\"\/pagespeed_static\/1.JiBnMqyl6S.gif\" onload=\"pagespeed.lazyLoadImages.loadIfVisibleAndMaybeBeacon(this);\" onerror=\"this.onerror=null;pagespeed.lazyLoadImages.loadIfVisibleAndMaybeBeacon(this);\"\/><figcaption class=\"wp-caption-text\"><span class=\"imagecredit\"><a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.shutterstock.com\/image-illustration\/wifi-wireless-internet-router-on-dark-607183886\">KsanderDN\/Shutterstock<\/a><\/span><\/figcaption><\/figure>\n<p>Whether you use one of the affected routers or not, I suggest <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.howtogeek.com\/205299\/how-to-ensure-your-home-router-has-the-latest-security-updates\/\">manually updating your router\u2019s firmware<\/a> and enabling automatic updates (if they aren\u2019t already enabled). 
Doing so ensures that your router is safe from the latest exploits\u2014or at least the ones that manufacturers decide to fix.<\/p>\n<p>You should also set a secure Wi-Fi password and disable features like WPS (Wi-Fi Protected Setup) and UPnP (Universal Plug and Play), which <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.howtogeek.com\/122487\/htg-explains-is-upnp-a-security-risk\/\">opens your network to malware<\/a> and is regularly criticized by the FBI for its numerous security flaws.<\/p>\n<p>And if you\u2019re using an incredibly old router (or NAS device, for that matter) you should seriously consider an upgrade. Old networking hardware is often full of known vulnerabilities that manufacturers just don\u2019t care to patch.<\/p>\n<p>For more information on securing your router, check out <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.howtogeek.com\/122487\/htg-explains-is-upnp-a-security-risk\/\">our detailed guide<\/a> at <em>How-To Geek<\/em>.<\/p>\n<p><small>Source: <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.iot-inspector.com\/blog\/router-security-check-2021\/\">IoT Inspector<\/a>, <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.iot-inspector.com\/wp-content\/uploads\/2021\/11\/Chip-IoT-Inspector-Router-Sicherheit-Test.pdf\">CHIP Magazine<\/a> via <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/nine-wifi-routers-used-by-millions-were-vulnerable-to-226-flaws\/\">Bleeping Computer<\/a><\/small>\n<\/div>\n<p><span style=\"color: black;\"><a style=\"color: #ff9900;\" href=\"https:\/\/www.reviewgeek.com\/104549\/these-popular-wi-fi-routers-are-security-nightmares\/\" target=\"_blank\" rel=\"noopener\">Source<\/a><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>&#8220;#These Popular Wi-Fi Routers Are Security Nightmares \u2013 Review Geek&#8221; Proxima Studio\/Shutterstock Security researchers from IoT Inspector teamed up with CHIP Magazine to test nine of the most popular home Wi-Fi routers for exploits and vulnerabilities. 
The results are stunning\u2014not only are these routers poorly secured, but they suffer from vulnerabilities that security researchers first&#8230;<\/p>\n","protected":false},"author":1,"featured_media":375511,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/www.reviewgeek.com\/p\/uploads\/2021\/12\/cac4fc2a.png","fifu_image_alt":"","footnotes":""},"categories":[18],"tags":[],"class_list":["post-375510","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technology"],"_links":{"self":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/375510","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/comments?post=375510"}],"version-history":[{"count":0,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/375510\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media\/375511"}],"wp:attachment":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media?parent=375510"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/categories?post=375510"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/tags?post=375510"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}