There are hundreds of vulnerabilities plaguing routers (opens in new tab) of all shapes and sizes, and most of them have not been patched, new analysis from Kaspersky has warned.
The company’s report says that in 2021, there had been a total of 506 new vulnerabilities discovered, out of which 87 were deemed as critical. Of those, a third (almost 30) have not been addressed by their respective vendors, whatsoever, while another 26% were important enough to only get an advisory.
Sometimes, these advisories are followed up with a patch, the researchers are saying, but most of the time, they just tell potential victims to reach out to customer support.
The absolute worst year for the discovery of critical flaws in router endpoints (opens in new tab) was 2020 – the year of the Covid-19 pandemic, and the subsequent rush to remote working. That year, Kaspersky says, 603 new vulnerabilities were discovered, almost three times as many as the year before (207).
These two things are correlated, the researchers further claim, as remote working put most employees at the mercy of their (unpatched and unprotected) home routers. While most workers these days know relatively well how to protect their computers, laptops, and mobile devices, they’re clueless what to do with their routers.
According to figures from Broadband Genie, half (48%) have never changed their router’s settings, including the default login credentials, and their Wi-Fi password. Three quarters (73%) don’t think it’s necessary, while 20% don’t know how to change these things.
To keep any internet-connected device secure, there are a number of things a person (or company) can do: keep both firmware, and software, updated to the latest version, at all times; install a strong antivirus solution, as well as a firewall; activate multi-factor authentication on any services available, and use a Virtual Private Network (VPN) service.
For routers, specifically, users should always use WPA2 encryption, disable remote access to the router, select a static IP address, disable DHCP, and use a MAC filter.