Home » Technology » Internet » Over 220 Vulnerabilities Found In Various Wifi Routers

Over 220 Vulnerabilities Found In Various Wifi Routers

Security researchers from IoT Inspector have chosen nine popular WiFi routers and examined them for weaknesses. The result was quite shocking: They found a total of 226 potential vulnerabilities in the latest firmware.

That comes from a report by Bleeping Computer. In cooperation with Chip, IoT Inspector had chosen devices from Asus, AVM, D-Link, Netgear, Edimax, TP-Link, Synology, and Linksys for security inspections. The selected routers are used by millions of people and have had security problems across the board. The sad front runners in terms of the number of vulnerabilities are the TP-Link Archer AX6000 with 32 vulnerabilities and the Synology RT-2600ac with 30 vulnerabilities.

The research process

The researchers focused on models that are mainly used by small businesses and private users. In addition, all routers were up to date with the latest software version made available by the manufacturers. The firmware versions were automatically analyzed by IoT Inspector and checked for more than 5,000 CVEs and other known security problems. The results were sobering: many of the routers were vulnerable to publicly disclosed vulnerabilities.

While not all vulnerabilities pose the same risk, the team found some common problems that affect most of the models tested:

  • Outdated Linux kernel in the firmware
  • Outdated multimedia and VPN features
  • Excessive use of older versions of BusyBox
  • Use of weak standard passwords like “admin”
  • Presence of hard-coded login data in plain text form

Encryption Key Extraction

The researchers have not yet released many technical details about their findings, with the exception of one case involving the extraction of the encryption key for firmware images from D-Link routers. The team found a way to get local rights on a D-Link DIR-X1560 and get shell access via the physical UART debug interface.

Then the entire file system was unloaded with the help of the integrated BusyBox commands and the binary file responsible for the decryption routine was found. By analyzing the appropriate variables and functions, the researchers were finally able to extract the AES key that was used to encrypt the firmware. This key allows a threat actor to send malicious firmware image updates to bypass verification checks on the device and potentially introduce malware on the router.

Manufacturers responded quickly

All affected manufacturers – with the exception of AVM – reacted directly to the researchers’ findings, contacted the researchers, and published firmware patches. However, it also said that not all security vulnerabilities have been fixed. AVM announced that it is critical of such automated tests. The Fritz boxes, incidentally, were the test, the router with the fewest vulnerabilities. IoT Inspector has made the chip article available online – you can read the doc there.