![]() ![]() The last security update for version 2.6.36 was in February 2011.Įven the best devices had at least 21 critical vulnerabilities and at least 348 rated with high severity, the study found. At the time of writing, the current Linux kernel is 5.7.7. At least 90% of the routers used Linux, but over a third of them used version 2.6.36 of the Linux kernel or even older. It found that 46 of them had received no security updates within the last year. ![]() The Institute used a firmware analysis and comparison tool to extract and analyze the routers’ most recent firmware. “This means, whatever they try to secure with a public-private crypto mechanism is not secure at all.” “Most firmware images provide private cryptographic key material,” it continued. The routers usually failed to use exploit mitigation techniques, it said, adding that some had passwords that users could not change, and which were either well-known or easy to crack. “Even if the routers got recent updates, many of these known vulnerabilities were not fixed.” “Many routers are affected by hundreds of known vulnerabilities,” it warned. The FKIE examined 127 routers spanning seven large vendors and found security flaws in all of them, it said in a report released in late June. ![]() According to a study by Germany’s Fraunhofer Institute for Communication (FKIE), vendors have failed to fix hundreds of vulnerabilities in their consumer-grade routers, leaving people exposed to a wide range of attacks.
0 Comments
Leave a Reply. |