Are SOHO Routers A Hopeless Case?
I sure have one! It’s a nice little TP-Link, that’s doing what it’s supposed to do. Until now I felt pretty good and also kind of secure. Recently my feeling have changed though.
The Hungarian company Seach-Lab and some Spanish students, who are working at their master thesis, disclosed that there are quite a few SOHO routers (Small Office, Home Office routers) out there which are basically inviting cybercriminals to drop by and take a look at your data due to their vulnerabilities.
Search-Lab discovered 53 unique vulnerabilities on only 4 different D-Link devices, all running the latest firmware. According to their report “several vulnerabilities can be used by a remote attacker to execute arbitrary code and gain full control over the device”. They listed a few of the most critical findings’ problem areas in it as well so take a look at their paper if you want to know more.
The students published their findings on Full Disclosure and they lost more than 40 vulnerabilities in 22 different SOHO router models. The issues range from persistent and unauthenticated cross site scripting vulnerabilities and information leaks to Universal Plug and Play related vulnerabilities.
Routers which made it on the list are: Observa Telecom AW4062, RTA01N, Home Station BHS-RTA and VH4032N; Comtrend WAP-5813n, CT-5365, AR-5387un and 536+; Sagem LiveBox Pro 2 SP and Fast 1201; Huawei HG553 and HG556a; Amper Xavi 7968, 7968+ and ASL-26555; D-Link DSL-2750B and DIR-600; Belkin F5D7632-4; Linksys WRT54GL; Astoria ARV7510; Netgear CG3100D and Zyxel P 660HW-B1A.
Really, it doesn’t look good for SOHO router vendors. They either do not care or (even worse) do not know that their firmware is that insecure.