Archive for December 5, 2021

Yikes! Nine Popular WiFi Routers Were Vulnerable To A Combined 226 Flaws Says German Security Researchers

Posted in Commentary with tags on December 5, 2021 by itnerd

German security researchers analyzed nine popular WiFi routers from these companies:

  • Asus
  • AVM
  • D-Link
  • Netgear
  • Edimax
  • TP-Link
  • Synology
  • Linksys

And what they found is absolutely insane. They found a total of 226 potential vulnerabilities in them, even when running the latest firmware. What’s really insane about this is that these routers are used by millions of people. And some of the vulnerabilities that were uncovered are publicly disclosed ones, which is REALLY bad.

Here’s the specific routers that were tested:

  • TP-Link Archer AX6000 – 32 security issues
  • Synology RT-2600ac – 30 security issues
  • Netgear Nighthawk AX12 – 29 security issues
  • D-Link DIR-X5460 – 26 security issues
  • Edimax BR-6473AX – 25 security issues
  • Asus ROG Rapture GT-AX11000 – 25 security issues
  • Linksys Velop MR9600 – 21 security issues
  • AVM FritzBox 7530 AX – 20 security issues
  • AVM FritzBox 7590 AX – 18 security issues

Now given that these nine had issues, it’s a pretty safe bet that if you grabbed any other router with the latest firmware from these companies, you’d find issues as well.

The vendor responses to the researchers was quick. Here’s what they said (translated from German):

  • Asus: Asus examined every single point of the analysis and presented us with a detailed answer. Asus has patched the outdated BusyBox version, and there are also updates for “curl” and the web server. The pointed out that password problems were temp files that the process removes when it is terminated. They do not pose a risk.
  • D-Link: D-Link thanked us briefly for the information and published a firmware update that fixes the problems mentioned.
  • Edimax: Edimax doesn’t seem to have invested too much time in checking the problems, but at the end there was a firmware update that fixed some of the gaps.
  • Linksys: Linksys has taken a position on all issues classified as “high” and “medium”. Default passwords will be avoided in the future; there is a firmware update for the remaining problems.
  • Netgear: At Netgear they worked hard and took a close look at all problems. Netgear sees some of the “high” issues as less of a problem. There are updates for DNSmasq and iPerf, other reported problems should be observed first.
  • Synology: Synology is addressing the issues we mentioned with a major update to the Linux kernel. BusyBox and PHP will be updated to new versions and Synology will soon be cleaning up the certificates. Incidentally, not only the routers benefit from this, but also other Synology devices.
  • TP-Link: With updates from BusyBox, CURL and DNSmasq, TP-Link eliminates many problems. There is no new kernel, but they plan more than 50 fixes for the operating system

Here’s my advice to stay safe:

If you are using any of the models mentioned in the report, you are advised to apply the available security updates and manually check for new updates (I never recommend the use of automatic updating for routers) on weekly basis and change the default password to one that is unique and strong. In fact, that is my advice for anyone who has a router or IoT device in their home.

Additionally, you should do this following:

  • Disable remote access
  • Disable UPnP (Universal Plug and Play)
  • Disable WPS (WiFi Protected Setup)

All of that will keep you as safe as possible.