[Cryptography] "Home router warning: They're riddled with known flaws and run ancient, unpatched Linux"

Jerry Leichter leichter at lrw.com
Thu Jul 9 08:57:36 EDT 2020


https://www.zdnet.com/article/home-router-warning-theyre-riddled-with-known-flaws-and-run-ancient-unpatched-linux/

Shocking.  And there's gambling going on, too.

All but one small German maker embedded private keys in their firmware. "The Netgear R6800 router contained 13 private keys."

A third are running Linux kernel version 2.6.36 or older.  The latest security update for 2.6.36 was in February of 2011.  One Linksys router was running 2.4.20, released in 2002.  There are 579 high-severity CVEs affecting that.

One thing I find disturbing is how little you can trust what you think you know about the companies.  I would have considered Netgear as high end, more expensive, probably trustworthy.  On the other hand, ASUS always came across as a cheap Chinese (actually Taiwanese) clone.  Both are at the top of the rankings in this report (not that that's much to be proud of).  I thought of Linksys as good because they were owned by Cisco.  Not so much - but then again, I didn't realize that Cisco sold them to Belkin (also pretty good?) who then sold them to Foxconn - which, as it happens, also owns ASUS!  You just can't tell.

                                                        -- Jerry


