Software vulnerabilities leave home routers hackable
ESET’s Home Network Protection feature scans home routers for vulnerabilities and weak passwords
ESET has revealed that its latest security offering has uncovered software vulnerabilities in home routers due to weak password choices.
In April this year, ESET introduced its Home Network Protection feature that enables users to scan their home routers for vulnerabilities, malicious configurations, exploitable network services and weak passwords. Its analysis found that almost 7% of the routers tested demonstrated software vulnerabilities of high or medium severity. Furthermore, port scanning revealed that network services were accessible from internal as well as from external networks.
In addition, the results also prove that 15% of the routers tested used weak passwords, with “admin” left as the username in most cases.
Peter Stančík, ESET security evangelist, said: “In particular, unsecured services such as Telnet shouldn’t be left open, not even to local network, which was – unfortunately – the case with more than 20% of the routers tested.
“During the test, we tried common default usernames and passwords and also some frequently used combinations. It’s disturbing that more than one in seven of such simple simulated attacks was successful.”
Another frequent vulnerability discovered was a command injection vulnerability, this aims for the execution of arbitrary commands on the host operating system via a vulnerable application, largely with insufficient input validation.
“The results collected by ESET Home Network Protection during BETA testing of ESET security solutions clearly show that routers can be attacked fairly easily, by exploiting one of the frequently found vulnerabilities. This makes them an Achilles heel for the overall internet security of households as well as small businesses,” added Stančík.
please check our security solutions from this link
as Ibtekar We provide security solutions for organizations of all sizes including monitoring, managing and co-managing of security devices, security and risk consulting services, vulnerability management, application scanning and global threat intelligence. We are currently providing information security services to thousands of end customers. Our model does not require any capital expenditure from our clients and comprises a cloud-based information security and compliance solution that is accessible via a customized and secure customer platform.