Hundreds of thousands of home Wi-Fi routers under attack — what to do

A Wi-Fi router on a windowsill.
(Image credit: Shutterstock)

If you're using a home Wi-Fi router, Wi-Fi range extender or Wi-Fi USB network adapter that's from 2015 or earlier, it's probably time to put it in a closet and get a newer model. That's because your device may be being hacked over the internet right now.

Serious flaws have been found in hundreds of different models of home networking devices devices made and sold by at least 65 different companies, and cybercriminals are already attacking them. We've got a list of the vulnerable devices at the end of this page.

Many of the affected models were released between 2010 and 2015, and at least a couple date back to 2004. IoT Inspector, the German information-security firm that found the flaws, estimates there are hundreds of thousands of vulnerable individual devices being used today worldwide.

"By exploiting these vulnerabilities, remote unauthenticated attackers can fully compromise the target device and execute arbitrary code with the highest level of privilege," wrote IoT Inspector in its report. 

A known criminal gang is already attacking these devices using the flaws outlined in IoT Inspector's report, which was posted online one week ago (Aug. 16). 

Israeli information-security firm SAM Seamless Network said that it took only two days for operators of a botnet using a variant of the notorious Mirai malware, which knocked out internet access on much of the U.S. East Coast one afternoon in October 2016, to begin launching attacks.

Remote takeover

The particular flaw being exploited by the botnet gang involves remote takeover of the router through the administrative interface, but sadly simply turning off remote access to the admin interface won't fix the issue. 

Just landing on a malicious website on a computer using the router is enough. There are three other serious flaws as well.

These vulnerable devices all using Wi-Fi chips made by a Taiwanese company called Realtek. IoT Inspector told Realtek of the flaws back in May, and on Aug. 13 Realtek released patches for some, but not all, of the vulnerable chipsets. More fixes will be coming from Realtek, but it does not plan to fix the oldest chipsets.

Unfortunately, those patches have to be implemented and fine-tuned by the makers of the vulnerable devices and then pushed out to consumers as new device firmware. 

It's unlikely that many patches are available yet for download or installation, and it may be months before all the updated firmware is available. The oldest devices will probably never be patched.

What you need to do

If you own one of the devices on the list below, here's what to do.

If the device is only a few years old, say 2015 or later: You'll probably get a firmware update in the next few months. 

Check the manufacturer's website now for updates released after Aug. 13, 2021. See if the firmware release notes reference vulnerability ID numbers CVE-2021-35392, CVE-2021-35393, CVE-2021-35394 or CVE-2021-35395, mention Realtek or credit IoT-Inspector for finding flaws.

If so, the firmware will fix these problems. Follow the instructions on the manufacturer's website to download and install the firmware. (Here's how to update router firmware for various brands.) 

If an update isn't available right now, then disconnect the device and use another router or access point until updated firmware becomes available.

If the device was released between 2010 and 2015: You may or may not eventually get a firmware update. As above, check the manufacturer's website for existing firmware updates and follow the instructions. 

If nothing's been released since Aug. 13, 2021, disconnect the device and keep checking the website for the next few months. 

If the device was first released before 2010: You'll probably never get a firmware update. Get a newer device.

List of affected devices

Swipe to scroll horizontally
Manufacturer Affected Models
A-Link Europe Ltd A-Link WNAP WNAP(b)
ARRIS Group, Inc VAP4402_CALA
Airlive Corp. WN-250R, WN-350R
Abocom System Inc. Wireless Router ?
AIgital Wifi Range Extenders
Amped Wireless AP20000G
Askey AP5100W
ASUSTek Computer Inc. RT-Nxx models, WL330-NUL, Wireless WPS Router RT-N10E, Wireless WPS Router RT-N10LX, Wireless WPS Router RT-N12E, Wireless WPS Router RT-N12LX
Beeline Smart Box v1
Belkin F9K1015, AC1200DB Wireless Router F9K1113 v4, AC1200FE Wireless Router F9K1123, AC750 Wireless Router F9K1116, N300WRX, N600DB
Buffalo Inc. WEX-1166DHP2, WEX-1166DHPS, WEX-300HPS, WEX-733DHPS, WMR-433, WSR-1166DHP3, WSR-1166DHP4, WSR-1166DHPL, WSR-1166DHPL2
Calix Inc. 804Mesh
China Mobile Communication Corp. AN1202L
Compal Broadband Networks, INC. CH66xx cable modems line.
D-Link DIR-XXX models based on rlx-linux, DAP-XXX models based on rlx-linux, DIR-300, DIR-501, DIR-600L, DIR-605C, DIR-605L, DIR-615, DIR-618, DIR-618b, DIR-619, DIR-619L, DIR-809, DIR-813, DIR-815, DIR-820L, DIR-825, DIR-825AC, DIR-825ACG1, DIR-842, DAP-1155, DAP-1155 A1, DAP-1360 C1, DAP-1360 B1, DSL-2640U, DSL-2750U, DSL_2640U, VoIP Router DVG-2102S, VoIP Router DVG-5004S, VoIP Router DVG-N5402GF, VoIP Router DVG-N5402SP, VoIP Router DVG-N5412SP, Wireless VoIP Device DVG-N5402SP
DASAN Networks H150N
Davolink Inc. DVW2700 1, DVW2700L 1
Edge-core VoIP Router ECG4510-05E-R01
Edimax RE-7438, BR6478N, Wireless Router BR-6428nS, N150 Wireless Router BR6228GNS, N300 Wireless Router BR6428NS, BR-6228nS/nC
Edison unknown
EnGenius Technologies, Inc. 11N Wireless Router, Wireless AP Router
Esson Technology Inc. Wifi Module ESM8196 (therefore any device using this wifi module)
EZ-NET Ubiquitous Corp. NEXT-7004N
Hama unknown
Hawking Technologies, Inc. HAWNR3
MT-Link MT-WR600N
iCotera i6800
LG International Axler Router LGI-R104N, Axler Router LGI-R104T, Axler Router LGI-X501, Axler Router LGI-X502, Axler Router LGI-X503, Axler Router LGI-X601, Axler Router LGI-X602, Axler Router RT-DSE
Logitec BR6428GNS, LAN-W300N3L
MMC Technology MM01-005H, MM02-005H
MT-Link MT-WR730N, MT-WR760N, MT-WR761N, MT-WR761N+, MT-WR860N
NetComm Wireless NF15ACV
Netis WF2411, WF2411I, WF2411R, WF2419, WF2419I, WF2419R, WF2681
Netgear N300R
Nexxt Solutions AEIEL304A1, AEIEL304U2, ARNEL304U1
Observa Telecom RTA01
Occtel VoIP Router ODC201AC, VoIP Router OGC200W, VoIP Router ONC200W, VoIP Router SP300-DS, VoIP Router SP5220SO, VoIP Router SP5220SP
Omega Technology Wireless N Router O31 OWLR151U, Wireless N Router O70 OWLR307U
PATECH Axler RT-TSE, Axler Router R104, Axler Router R3, Axler Router X503, Axler Router X603, LotteMart Router 104L, LotteMart Router 502L, LotteMart Router 503L, Router P104S, Router P501
PLANEX COMMUNICATIONS INC., Planex Communications Corp. MZK-MF300N, MZK-MR150, MZK-W300NH3, MZK-W300NR, MZK-WNHR
PLANET Technology VIP-281SW
Realtek RTL8196C EV-2009-02-06, RTL8xxx EV-2009-02-06, RTL8xxx EV-2010-09-20, RTL8186 EV-2006-07-27, RTL8671 EV-2006-07-27, RTL8671 EV-2010-09-20, RTL8xxx EV-2006-07-27, RTL8xxx EV-2009-02-06, RTL8xxx EV-2010-09-20
Revogi Systems
Sitecom Europe BV Sitecom Wireless Gigabit Router WLR-4001, Sitecom Wireless Router 150N X1 150N, Sitecom Wireless Router 300N X2 300N, Sitecom Wireless Router 300N X3 300N
Skystation CWR-GN150S
Sercomm Corp. Telmex Infinitum
Shaghal Ltd. ERACN300
Shenzhen Yichen (JCG) Technology Development Co., Ltd. JYR-N490
Skyworth Digital Technology. Mesh Router
Smartlink unknown
TCL Communication unknown
Technicolor TD5137
Telewell TW-EAV510
Tenda AC6, AC10, W6, W9, i21
Totolink A300R
TRENDnet, Inc., TRENDnet Technology, Corp. TEW-651BR, TEW-637AP, TEW-638APB, TEW-831DR
ZTE MF253V, MF910
Zyxel P-330W, X150N, NBG-2105, NBG-416N AP Router, NBG-418N AP Router, WAP6804
Paul Wagenseil

Paul Wagenseil is a senior editor at Tom's Guide focused on security and privacy. He has also been a dishwasher, fry cook, long-haul driver, code monkey and video editor. He's been rooting around in the information-security space for more than 15 years at, SecurityNewsDaily, TechNewsDaily and Tom's Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown up in random TV news spots and even moderated a panel discussion at the CEDIA home-technology conference. You can follow his rants on Twitter at @snd_wagenseil.