ESET Home Router 100 Other Reference Materials discovered vulnerabilities

　This article re -edited the "More than 100 kinds of home routers to find a known vulnerabilities in more than 100 kinds of home routers" published by Canon Marketing Japan.

　According to the latest surveys conducted on more than 100 types of home routers provided by seven companies, including major vendors, almost all routers are not appropriately applied to the routers, and the impact of serious security defectsThere was a risk that the device and their users were exposed to the risk of cyber attacks.

　This report, "Home Router Security Report 2020", reports that "all routers have found a known vulnerabilities in all routers."This survey includes 127 router models of ASUS, AVM, D-Link, LinkSys, NetGear, TP-Link, and Zyxel, according to the communication, information processing and human engineering institute (FKIE) of the German Frown Hoofer Research Organization in Germany.It was conducted on the target.

"Many routers are affected by hundreds of known vulnerabilities. Even if the latest updates are applied to these routers, many of these known vulnerabilities remain much.The researchers who conducted this survey, saying that the problems are getting worse even more, the technology to alleviate the effects of Exploiting, "said the researchers who conducted this survey.It was 378 days when these researchers aggregated the average period after the update was applied earlier.The 46 routers did not receive security updates in the last year.

　These routers were found to be affected by 53 emergency vulnerabilities on average.Even if the device that did not enter the high ranks, it is influenced by 21 CVEs at such an emergency level.However, detailed vulnerabilities were not listed.

　In any case, if the patch is not applied to the vulnerability first, these problems will not be solved."Some routers can be easily hacked, and simple passwords that anyone can think of are used in a way that users cannot change," this survey reported.Specifically, 50 routers have hardly coded administrator's authentication information, of which 16 of them used a general, easy -to -guess login authentication information.

　In this survey, some router models have been evaluated as higher security than other router models, but they will not be pleased with the evaluated vendors."AVM is better than other vendors in most aspects, and ASUS and NetGear are better than D-Link, LinkSys, TP-Link, Zyxel," said researchers.increase.

　The 90 % device was equipped with Linux, but in many cases, one of the old versions of the Linux operating system was executed.Linux kernel version 2 for more than one -third of the routers.6.It is equipped with 36, and this version lasted the update back to 2011.

"Linux is conducting continuous initiatives to eliminate security vulnerabilities in operating systems and develop new functions. In fact, all manufacturers have to install the latest software.We do not integrate the latest software, both as much as possible and as needed, "said Johannes Vom Dorp, a FKIE cyber attack analysis and defense division co -authored this survey.

　This survey uses FKIE's firmware analysis and comparison tools (FACT) to verify the latest firmware version of the available devices as of March 27, 2020.The methodology and results are explained in detail in the above -mentioned survey report.The detailed list of the test model and the firmware version of each model is available on GitHub.

　As a whole, the results of this survey have deviated so much from other surveys conducted last year, such as tests conducted by Independent Security Evaluators and another test result conducted by American Consumer Institute in 2018. not.

　For the last few years, ESET has widely referred to router security.Especially in the era of telework, router security is more important than ever.The English version of Welivesecurity introduces some articles on router security.

・ How to enhance the security of the router dramatically

・ 5 ways to enhance router safety (Japanese)

・ Recommended for FBI to restart all routers after reporting that hundreds of thousands of routers around the world have been damaged by the VPNFILTER malware.

・ Follow -up article that continues the above article