sb-nz logo
Story image

ESET discovers 'disturbing' router security issues

Recent tests have shown that atleast 15% of home routers are unsecure with weak passwords and software vulnerabilities quite common.

That’s according to research from ESET after testing more than 12,000 home routers of users who agreed to share their data.

Peter Stancik , author at We Live Security, says that during the test, common default usernames and passwords as well as some frequently used combinations were tested.

“It’s disturbing that more than one in seven of such simple simulated attacks was successful,” he says.

The research also found that approximately 7% of the routers tested show vulnerabilities of high or medium severity. The second most common vulnerability at 40% was a command injection vulnerability.

Of all the software vulnerabilities found, nearly 10% were called cross-site scripting (XSS) vulnerabilities. According to ESET, these enable attackers to modify router configuration in order to be able to run a forged client-side script. 

This data was collected from the new Home Network Protection feature that enables users to scan their home routers for vulnerabilities, malicious configurations, exploitable network services and weak passwords. 

“The results clearly show that routers can be attacked fairly easily, by exploiting one of the frequently found vulnerabilities. This makes them an Achilles heel in the overall internet security of households, as well as small businesses,” says Stanck.

“Users should make sure that they use strong passwords to protect their home routers, as well as using the latest firmware.”

Story image
Kaspersky steps in to protect automotive industry from cyber threats
The company’s TI report, previously available for a selected range of customers, is able to provide car manufacturers with in-depth analysis of industry-specific security threats.More
Story image
Trend Micro adds cloud-native container security to Cloud One Services Platform
Designed to ease the security of container builds, deployments and runtime workflows, the new service helps developers accelerate innovation and minimise application downtime across Kubernetes environments.More
Story image
Entrust acquires HyTrust, with aim to improve data encryption solutions
Entrust says the acquisition will bolster its effort to deliver data protection and compliance solutions to its customers, while accelerating their digital transformations.More
Story image
Hornetsecurity acquires Altaro, the latest in acquisition spree
The move is a culmination of a medley of acquisitions made by Hornetsecurity recently, following the January 2019 acquisition of Spamina, a Spanish cloud email security company, as well as EveryCloud, its British market partner, in early 2020.More
Story image
Red Hat to acquire Kubernetes-native security provider StackRox
Red Hat will further expand its security offering, adding StackRox's complementary capabilities to strengthen integrated security across its open hybrid cloud portfolio.More
Story image
Malware variants becoming increasingly prevalent, sophisticated and evolved
"The modern threat landscape and ongoing evolution of malware are loud factors pushing every business to understand and identify modern malware threats and the necessary precautions to take to protect against them."More