Published in News

117 home Wi-Fi models have dodgy firmware

by on09 July 2020

Fraunhofer Institute finds flaws

The Fraunhofer Institute has used its own analytical software and discovered that the most recently available firmware for 117 home Wi-Fi models currently sold in Europe, including routers from Asus, D-Link, Linksys, Netgear, TP-Link, Zyxel and AVM are shot full of holes.

The full list of the tested models and firmware is on GitHub. The institute was not able to examine the firmware of 10 more models, mostly from Linksys. The report notes that many firmware updates are issued without fixing known flaws.

According to Tom's Hardware, the only thing you can do is make sure that the next router you buy automatically installs firmware updates.

Users should check to see their current router makes it fairly easy to install firmware updates manually. You should also make sure that the administrative password for your router has been changed from the factory default password.

They should also check its administrative interface to make sure that UPnP and remote access are disabled. And if your router was first released more than 5 years ago, consider buying a newer model unless it meets all of the above criteria. Alternatively, you could try to "flash" your older router to run more secure open-source router firmware such as OpenWrt, DD-WRT or Tomato.

"The worst case regarding high severity CVEs [widely known flaws] is the Linksys WRT54GL powered by the oldest kernel found in our study", the report said, noting that this model uses the 2.4.20 kernel from 2002. "There are 579 high severity CVEs affecting this product."

Tom's said that particular model last had its firmware updated in January 2016, one of the oldest firmwares in the study. The Linksys WRT54GL was first released in 2005 and is still sold today, even though it handles Wi-Fi protocols only up to 802.11g. However, the WRT54G series is possibly the best-selling family of Wi-Fi routers ever.


Last modified on 09 July 2020
Rate this item
(0 votes)

Read more about: