Report: Majority of critical router vulnerabilities remain unpatched

We are excited to bring Transform 2022 back in-person July 19 and virtually July 20 — 28. Join AI and data leaders for insightful talks and exciting networking opportunities. Register today!

A new analysis from Kaspersky shows that most critical router vulnerabilities discovered in 2021 remain unpatched. The vulnerabilities threaten the security of millions of devices set up daily in homes and workplaces.

Overall, 506 vulnerabilities were discovered in 2021, including 87 critical ones. Almost a third of the critical vulnerabilities remain without any response from vendors, while another 26% received only a comment from the company.

The total vulnerability figures continued a trend that began in 2020, when there were 603 new vulnerabilities, which was roughly triple the totals from each of the two previous years.

Critical vulnerabilities are the most unprotected “holes” through which an attacker can penetrate a home or corporate network. Such vulnerabilities may let the attacker bypass authentication, send remote commands to a router, or even incapacitate it. Attackers can steal any data or files transmitted over an infected network. Through an infected router, an attacker can also redirect users to phishing pages masquerading as often-used webmail or online banking sites. Any data they enter on these pages, such as login and password from the email or bank card details, will immediately fall into the hands of fraudsters.

Threats stemming from vulnerable internet routers can affect business organizations. Criminals may seek to steal sensitive corporate information such as contracts sent over email. Smaller businesses often don’t have the expertise or resources to identify or understand a threat before it’s too late. User inaction is especially dangerous when routers are used in sensitive environments such as hospitals or government buildings, where a data leak could potentially have a severe impact.

Security experts recommend always changing default passwords, installing updates in a timely fashion, never buying smart home appliances secondhand, using WPA2 encryption, disabling remote access in the router’s settings, selecting a static IP address, disabling DHCP and protecting Wi-Fi with a MAC filter. Users should also install security solutions that can protect their networks and connected devices.

Read the full report by Kaspersky.

VentureBeat’s mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Learn more about membership.