Record-breaking number of router security flaws discovered in the last few years

Edward G. | August 2, 2022

The data presented by Atlas VPN reveals that router vulnerabilities have surged to record heights in the past few years. 

It is argued that routers have received more attention due to the increase in remote work, which opens up the possibility for hackers to breach corporate security by abusing old and unpatched home routers.

Router security flaws are hazardous as they may expose individuals and corporate networks to cybersecurity dangers such as hacking, data breaches, financial fraud, industrial espionage, and others.

The figures for the analysis were extracted by Kaspersky from cve.mitre.org and nvd.nist.gov. Even though these data sources show a different number of flaws, they both depict a clear upward trend in vulnerabilities.

According to cve.mitre.org, researchers found a record-breaking 321 vulnerabilities in 2021, the highest in over a decade. Yet, the increase started a year before, when flaws jumped from 130 in 2019 to 206 in 2020, representing a growth of 58%. 

On the other hand, data from nvd.nist.gov informs us that 2020 was the worst year for router flaws, with a total of 603 vulnerabilities, a substantial increase of 191% over 2019.  

However, 2021 was not much better, as vulnerabilities remained alarmingly high.

More importantly, out of 506 vulnerabilities identified last year, 87 of them were marked as critical. Of these vital flaws, 29.9% remained unpatched and without updates of any kind from the vendors. 

Another 26% of critical flaws were only acknowledged by the vendors but not fixed as of June 8, 2022.

Critical vulnerabilities are the doors that allow an intruder to enter a household or corporate network. They make it considerably easier to hack the router, allowing to circumvent password security measures, execute third-party programs, skip authentication, send remote orders to the router, or even deactivate it. 

Kaspersky shares a story from early 2022 when a security researcher essentially shut off the whole of North Korea from the internet by exploiting unpatched vulnerabilities in vital routers and other network equipment.

Considering that nearly every household and company use routers, it is a major security loophole in the global security landscape. 

Router security advice

Your home Wi-Fi network may become a haven for hackers if not protected. A little flaw in your home Wi-Fi network can provide criminal access to nearly all the devices connected.

Scammers may get access to your online bank accounts or credit card gateways. They may be able to intercept sensitive emails or even infect your device with malware. 

To safeguard yourself against these attacks, be sure to follow the main router cybersecurity practices:

  • Make your wireless network password unique and strong. Most wireless routers have a default password. Hackers may easily guess this default password, especially if they know the router manufacturer.

  • Change the Default SSID. Change your WiFi network's default name, usually known as the SSID. Leaving the default can show your router's manufacturer and model.. You may also instruct your router to stop broadcasting the SSID entirely. To connect to WiFi using a new device, you must manually enter the network name rather than picking it from a list of nearby possibilities.

  • Keep your router’s software up to date. As stated in the article, router firmware can have flaws that can lead to serious vulnerabilities if not immediately addressed by their makers' firmware upgrades. It is vital to install the most recent software for your router and download the most recent security updates as soon as possible.

  • Enable network encryption. Almost every wireless router has encryption. Most routers, however, have it turned off by default. Enabling the encryption setting on your wireless router might help safeguard your network.

Browse safely & anonymously with a VPN

Browse safely & anonymously with a VPN

Encrypt your internet traffic and defend against online snooping, hackers, governments, or ISPs.
Edward G.

Edward G.

Cybersecurity Researcher and Publisher at Atlas VPN. My mission is to scan the ever-evolving cybercrime landscape to inform the public about the latest threats.

Tags:

routervulnerabilities

© 2022 Atlas VPN. All rights reserved.