Hundreds of thousands of home Wi-Fi routers under attack — what to do
Chipset flaws dating back many years permit remote takeover
If you're using a home Wi-Fi router, Wi-Fi range extender or Wi-Fi USB network adapter that's from 2015 or earlier, it's probably time to put it in a closet and get a newer model. That's because your device may be being hacked over the internet right now.
Serious flaws have been found in hundreds of different models of home networking devices devices made and sold by at least 65 different companies, and cybercriminals are already attacking them. We've got a list of the vulnerable devices at the end of this page.
- Your Wi-Fi router can tell everyone where you live — here's what you can do
- The best Wi-Fi routers
- Plus: Google Chrome just got a killer time-saving upgrade — how to try it now
Many of the affected models were released between 2010 and 2015, and at least a couple date back to 2004. IoT Inspector, the German information-security firm that found the flaws, estimates there are hundreds of thousands of vulnerable individual devices being used today worldwide.
"By exploiting these vulnerabilities, remote unauthenticated attackers can fully compromise the target device and execute arbitrary code with the highest level of privilege," wrote IoT Inspector in its report.
A known criminal gang is already attacking these devices using the flaws outlined in IoT Inspector's report, which was posted online one week ago (Aug. 16).
Israeli information-security firm SAM Seamless Network said that it took only two days for operators of a botnet using a variant of the notorious Mirai malware, which knocked out internet access on much of the U.S. East Coast one afternoon in October 2016, to begin launching attacks.
Remote takeover
The particular flaw being exploited by the botnet gang involves remote takeover of the router through the administrative interface, but sadly simply turning off remote access to the admin interface won't fix the issue.
Sign up now to get the best Black Friday deals!
Discover the hottest deals, best product picks and the latest tech news from our experts at Tom’s Guide.
Just landing on a malicious website on a computer using the router is enough. There are three other serious flaws as well.
These vulnerable devices all using Wi-Fi chips made by a Taiwanese company called Realtek. IoT Inspector told Realtek of the flaws back in May, and on Aug. 13 Realtek released patches for some, but not all, of the vulnerable chipsets. More fixes will be coming from Realtek, but it does not plan to fix the oldest chipsets.
Unfortunately, those patches have to be implemented and fine-tuned by the makers of the vulnerable devices and then pushed out to consumers as new device firmware.
It's unlikely that many patches are available yet for download or installation, and it may be months before all the updated firmware is available. The oldest devices will probably never be patched.
What you need to do
If you own one of the devices on the list below, here's what to do.
If the device is only a few years old, say 2015 or later: You'll probably get a firmware update in the next few months.
Check the manufacturer's website now for updates released after Aug. 13, 2021. See if the firmware release notes reference vulnerability ID numbers CVE-2021-35392, CVE-2021-35393, CVE-2021-35394 or CVE-2021-35395, mention Realtek or credit IoT-Inspector for finding flaws.
If so, the firmware will fix these problems. Follow the instructions on the manufacturer's website to download and install the firmware. (Here's how to update router firmware for various brands.)
If an update isn't available right now, then disconnect the device and use another router or access point until updated firmware becomes available.
If the device was released between 2010 and 2015: You may or may not eventually get a firmware update. As above, check the manufacturer's website for existing firmware updates and follow the instructions.
If nothing's been released since Aug. 13, 2021, disconnect the device and keep checking the website for the next few months.
If the device was first released before 2010: You'll probably never get a firmware update. Get a newer device.
List of affected devices
Manufacturer | Affected Models |
---|---|
A-Link Europe Ltd | A-Link WNAP WNAP(b) |
ARRIS Group, Inc | VAP4402_CALA |
Airlive Corp. | WN-250R, WN-350R |
Abocom System Inc. | Wireless Router ? |
AIgital | Wifi Range Extenders |
Amped Wireless | AP20000G |
Askey | AP5100W |
ASUSTek Computer Inc. | RT-Nxx models, WL330-NUL, Wireless WPS Router RT-N10E, Wireless WPS Router RT-N10LX, Wireless WPS Router RT-N12E, Wireless WPS Router RT-N12LX |
BEST ONE TECHNOLOGY CO., LTD. | AP-BNC-800 |
Beeline | Smart Box v1 |
Belkin | F9K1015, AC1200DB Wireless Router F9K1113 v4, AC1200FE Wireless Router F9K1123, AC750 Wireless Router F9K1116, N300WRX, N600DB |
Buffalo Inc. | WEX-1166DHP2, WEX-1166DHPS, WEX-300HPS, WEX-733DHPS, WMR-433, WSR-1166DHP3, WSR-1166DHP4, WSR-1166DHPL, WSR-1166DHPL2 |
Calix Inc. | 804Mesh |
China Mobile Communication Corp. | AN1202L |
Compal Broadband Networks, INC. | CH66xx cable modems line. |
D-Link | DIR-XXX models based on rlx-linux, DAP-XXX models based on rlx-linux, DIR-300, DIR-501, DIR-600L, DIR-605C, DIR-605L, DIR-615, DIR-618, DIR-618b, DIR-619, DIR-619L, DIR-809, DIR-813, DIR-815, DIR-820L, DIR-825, DIR-825AC, DIR-825ACG1, DIR-842, DAP-1155, DAP-1155 A1, DAP-1360 C1, DAP-1360 B1, DSL-2640U, DSL-2750U, DSL_2640U, VoIP Router DVG-2102S, VoIP Router DVG-5004S, VoIP Router DVG-N5402GF, VoIP Router DVG-N5402SP, VoIP Router DVG-N5412SP, Wireless VoIP Device DVG-N5402SP |
DASAN Networks | H150N |
Davolink Inc. | DVW2700 1, DVW2700L 1 |
Edge-core | VoIP Router ECG4510-05E-R01 |
Edimax | RE-7438, BR6478N, Wireless Router BR-6428nS, N150 Wireless Router BR6228GNS, N300 Wireless Router BR6428NS, BR-6228nS/nC |
Edison | unknown |
EnGenius Technologies, Inc. | 11N Wireless Router, Wireless AP Router |
ELECOM Co.,LTD. | WRC-1467GHBK, WRC-1900GHBK, WRC-300FEBK-A, WRC-733FEBK-A |
Esson Technology Inc. | Wifi Module ESM8196 (therefore any device using this wifi module) |
EZ-NET Ubiquitous Corp. | NEXT-7004N |
FIDA | PRN3005L D5 |
Hama | unknown |
Hawking Technologies, Inc. | HAWNR3 |
MT-Link | MT-WR600N |
I-O DATA DEVICE, INC. | WN-AC1167R, WN-G300GR |
iCotera | i6800 |
IGD | 1T1R |
LG International | Axler Router LGI-R104N, Axler Router LGI-R104T, Axler Router LGI-X501, Axler Router LGI-X502, Axler Router LGI-X503, Axler Router LGI-X601, Axler Router LGI-X602, Axler Router RT-DSE |
LINK-NET TECHNOLOGY CO., LTD. | LW-N664R2, LW-U31, LW-U700 |
Logitec | BR6428GNS, LAN-W300N3L |
MMC Technology | MM01-005H, MM02-005H |
MT-Link | MT-WR730N, MT-WR760N, MT-WR761N, MT-WR761N+, MT-WR860N |
NetComm Wireless | NF15ACV |
Netis | WF2411, WF2411I, WF2411R, WF2419, WF2419I, WF2419R, WF2681 |
Netgear | N300R |
Nexxt Solutions | AEIEL304A1, AEIEL304U2, ARNEL304U1 |
Observa Telecom | RTA01 |
Occtel | VoIP Router ODC201AC, VoIP Router OGC200W, VoIP Router ONC200W, VoIP Router SP300-DS, VoIP Router SP5220SO, VoIP Router SP5220SP |
Omega Technology | Wireless N Router O31 OWLR151U, Wireless N Router O70 OWLR307U |
PATECH | Axler RT-TSE, Axler Router R104, Axler Router R3, Axler Router X503, Axler Router X603, LotteMart Router 104L, LotteMart Router 502L, LotteMart Router 503L, Router P104S, Router P501 |
PLANEX COMMUNICATIONS INC., Planex Communications Corp. | MZK-MF300N, MZK-MR150, MZK-W300NH3, MZK-W300NR, MZK-WNHR |
PLANET Technology | VIP-281SW |
Realtek | RTL8196C EV-2009-02-06, RTL8xxx EV-2009-02-06, RTL8xxx EV-2010-09-20, RTL8186 EV-2006-07-27, RTL8671 EV-2006-07-27, RTL8671 EV-2010-09-20, RTL8xxx EV-2006-07-27, RTL8xxx EV-2009-02-06, RTL8xxx EV-2010-09-20 |
Revogi Systems | |
Sitecom Europe BV | Sitecom Wireless Gigabit Router WLR-4001, Sitecom Wireless Router 150N X1 150N, Sitecom Wireless Router 300N X2 300N, Sitecom Wireless Router 300N X3 300N |
Skystation | CWR-GN150S |
Sercomm Corp. | Telmex Infinitum |
Shaghal Ltd. | ERACN300 |
Shenzhen Yichen (JCG) Technology Development Co., Ltd. | JYR-N490 |
Skyworth Digital Technology. | Mesh Router |
Smartlink | unknown |
TCL Communication | unknown |
Technicolor | TD5137 |
Telewell | TW-EAV510 |
Tenda | AC6, AC10, W6, W9, i21 |
Totolink | A300R |
TRENDnet, Inc., TRENDnet Technology, Corp. | TEW-651BR, TEW-637AP, TEW-638APB, TEW-831DR |
UPVEL | UR-315BN |
ZTE | MF253V, MF910 |
Zyxel | P-330W, X150N, NBG-2105, NBG-416N AP Router, NBG-418N AP Router, WAP6804 |
Paul Wagenseil is a senior editor at Tom's Guide focused on security and privacy. He has also been a dishwasher, fry cook, long-haul driver, code monkey and video editor. He's been rooting around in the information-security space for more than 15 years at FoxNews.com, SecurityNewsDaily, TechNewsDaily and Tom's Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown up in random TV news spots and even moderated a panel discussion at the CEDIA home-technology conference. You can follow his rants on Twitter at @snd_wagenseil.