Would it surprise you to know that the 2 most vulnerable pieces of hardware that exist in your home network are your Wifi printer, and your Wifi router!
Have you ever purchased a brand new printer or router, only to discover that your running the latest available firmware update.....which is a year or so older than the actual device itself?
My conclusion on why is shared by many in the security industry.
In general Wifi routers are not designed with security in mind because manufacturers operate on small profit margins, and rush to get products to market as fast as possible rather than invest in secure development lifecycles!
Since most routers are vulnerable regardless of who made them, there is little incentive for secure development.
WiFi speeds are what its all about, not security.
This fact was proven at the last DefCon 22 security conference which pitted hackers against 10 of the most popular router brands.
Most were hacked with elevated privelages....these included the latest models by Netgear, Dlink, TPlink, Linksys and Belkin.
My own personal penetration tests against my own network, revealed multiple vulnerabilities in my January 2018 purchased, Epson Workforce WF-2630 printer, as well as my 2017 Dlink AC1900 EXO Wireless router.
Vulns I found in the router included:
stack overflow vulnerability caused by HNAP
WAN & LAN XSS vulns.
Weak files permissions and credentials stored in clear text.
LAN DoS attack vulns against some of the running daemons.
Not so long ago I read Security researcher Craig Youngs recently published research showing that 80 percent of the 25 best-selling SOHO wireless router models available on Amazon had vulnerabilities.
This is concerning to me, but any attempts to contact the vendors for explanations have proved fruitless!
They believe only in superior router speeds which is what most customers desire.....fair enough! Little attention seems to be paid to internal security.
Its little wonder that router exploits are on the rise today, and yes Supersapien64, most are Firmware related.
Edited by Replicator, 03 August 2018 - 09:19 AM.