Researchers from IoT Inspector and CHIP examined devices from Asus, AVM, D-Link, Netgear, Edimax, TP-Link, Synology, and Linksys, and found a total of 226 potential security vulnerabilities.
“The test negatively exceeded all expectations for secure home and small business routers. Not all vulnerabilities are equally critical – but at the time of the test, all devices showed significant security vulnerabilities that could make a hacker’s life much easier,” said Florian Lukavsky, CTO of IoT Inspector.
The two devices with the most vulnerabilities were the TP-Link Archer AX6000, with 32 vulnerabilities, and the Synology RT-2600ac, with 30 vulnerabilities.
According to the researchers, some of the security issues were detected across multiple devices, generally because of outdated software. All of the tested routers were running dated versions of the Linux kernel, and the researchers surmise that this is because integrating a new kernel into the firmware is costly.
Similarly, additional services, such as multimedia streaming or VPN, were usually found to be powered by outdated software.
When contacted by the researchers, all of the manufacturers quickly responded by releasing firmware patches to resolve the issues.
The researchers also used the opportunity to point out that the coalition agreement of the new German government seeks to hold manufacturers accountable for vulnerabilities in their products.
“This increases the pressure on the industry to continuously secure products in order to avoid immense claims for damages,” the researchers said.