More Wi-Fi router brands and models have been found to incur security risks. This is according to security researchers at Independent Security Evaluators (ISE). The group has recently discovered up to 56 additional Common Vulnerabilities and Exposures or CVEs in popular routers. Among those are models from Asus, D-Link, and TrendNet.
ISE released an initial list of Wi-Fi routers that come with security risks in April. Vulnerabilities of such devices continue to be uncovered and continue to remain unpatched. The latest study showed more proofs that small and home offices that use routers for Internet connectivity are exposed to risks of security attacks.
The security research group warns that every individual or business that connects to most routers is vulnerable to risks. Routers could easily be exploited but the vulnerabilities could be difficult to fix. Manufacturers of those devices should immediately devise ways to resolve the issues.
How are such vulnerabilities incurred? Representatives of the group explained that Wi-Fi router administrators in small businesses and homes usually employ weak or static passwords that are almost the same as those used in hotspots like coffee chains or fast food stores.
An attacker could just get an establishment’s password for Wi-Fi. After getting access to the network, he would just have to use any of the exploits discovered by ISE. When the router is compromised, the online traffic it facilitates would also be exposed to risks.
ISE believes this issue could be resolved if routers would also be subjected to automatic updates, just like how traditional PCs using Windows and Mac operating systems are regularly updated. But the group also thinks it would be hard to convince users to regularly update their router firmware. In general, most of them think Wi-Fi routers could be forgotten after setting up.
Coordination with manufacturers
Automatic updating of routers may not be an easy and logical solution in this regard. Thus, router manufacturers should address such problems in their end. ISE disclosed that after releasing an initial report about this problem last April, it has submitted copies of the report to identified router makers.
TP-Link immediately fixed the discovered vulnerabilities. D-Link has not confirmed receiving or reading the report, while Linksys opted not to do repairs for the vulnerabilities identified. ISE assured that it already notified all manufacturers about the vulnerabilities uncovered before the findings of this latest study were released to the public.