Security Flaws Rampant in Home Routers, Researchers Say

Credit: Bocho/Shutterstock

What do D-Link, Netgear, Linksys and Belkin all have in common? At least 22 DSL home gateways and stand-alone Wi-Fi routers made by those companies may have dangerous security vulnerabilities, according to an audit done by three researchers in preparation for a master's thesis in IT security at the European University of Madrid in Spain.

The research focused on home gateways (devices that combine the functions of a modem and a Wi-Fi router) that Spanish ISPs give to DSL customers, but the findings by the trio -- Jose Antonio Rodriguez Garcia, Alvaro Folgado Rueda and Ivan Sanz de Castro -- are not limited by geography or point of sale, as they include devices you yourself can buy today.


For example, the researchers said that the Linksys WRT54GL, a common stand-alone Wi-Fi router (for use with a separate modem), is vulnerable to an unauthenticated cross-site-scripting attack, in which an attacker can remotely inject malicious code into the router's administrative HTML interface. Once that's happened, it's game over; your security and privacy are essentially kaput and done, and the attacker can do whatever he or she likes to your networked devices.

Many of the devices evaluated by the researchers appear to be very similar physically, but since they do not all seem to share the same flaws, their firmwares likely differ. Other than cross-site-scripting vulnerabilities, the risks apparently include off-site reboot commands, read and write access to data on connected USB storage devices and denial-of-service (i.e., make it stop working) attacks.

Twenty of the devices examined were DSL gateway routers, most of which were given or leased to ISP customers. Two were stand-alone Wi-Fi routers: the WRT54GL and the D-Link DIR-600.

Here is a full list of the devices purported to be at risk:

1. Observa Telecom AW4062
2. Comtrend WAP-5813n
3. Comtrend CT-5365
4. D-Link DSL-2750B
5. Belkin F5D7632-4
6. Sagem LiveBox Pro 2 SP
7. Amper Xavi 7968 and 7968+
8. Sagem Fast 1201
9. Linksys WRT54GL
10. Observa Telecom RTA01N
11. Observa Telecom Home Station BHS-RTA
12. Observa Telecom VH4032N
13. Huawei HG553
14. Huawei HG556a
15. Astoria ARV7510
16. Amper ASL-26555
17. Comtrend AR-5387un
18. Netgear CG3100D
19. Comtrend VG-8050
20. Zyxel P 660HW-B1A
21. Comtrend 536+
22. D-Link DIR-600

Henry T. Casey is a Staff Writer at Tom’s Guide. Follow him on Twitter @henrytcasey. Follow us @tomsguide, on Facebook and on Google+.
