Even the most highly-rated Wi-Fi routers with up-to-date firmware can be riddled with security flaws, an analysis by German security researchers IoT-Inspector and German tech magazine CHIP has found.
The researchers looked at nine models on CHIP’s “best routers” list: two FritzBoxes from German router-maker AVM, plus one each from Asus, D-Link, Edimax, Linksys, Netgear, Synology and TP-Link. (Two are also on the Tom’s Guide list of best Wi-Fi routers.) The Synology and TP-Link had the most vulnerabilities, with 30 and 32 each, although some of those flaws were classified as low-risk.
“The test[s] negatively exceeded all expectations for secure small business and home routers,” said IoT-Inspector CEO Florian Lukavsky in a blog post. “Not all vulnerabilities are equally critical — but at the time of the test, all devices showed significant security vulnerabilities that could make a hacker’s life much easier.”
According to CHIP’s report (in German), the flaws included multimedia and VPN software known to be vulnerable, outdated versions of the Linux kernel, outdated software such as the BusyBox Linux distribution often used in routers, hardcoded administrative passwords and default administrative passwords that were too simple or widely known.
In all, 226 known software vulnerabilities were found across all nine Wi-Fi router models, which IoT-Inspector and CHIP reported to the router makers. Except for AVM, all the manufacturers responded positively and have issued, or will soon be issuing, firmware updates to fix at least some of the high-risk and medium-risk flaws.
This story was earlier reported by Bleeping Computer.
Which Wi-Fi routers to update, and how
Because router makers use similar firmware for most of their current models, you’ll want to update your firmware if you own any recent router from one of the brands named below, even if yours isn’t exactly the same model.
The Wi-Fi routers examined were: