The world of connected consumer electronics, IoT, and smart devices is growing faster than ever with tens of billions of connected devices streaming and sharing data wirelessly over the Internet, but the matter of its security is still something that concerns even today. As we connect everything from coffee maker to front-door locks and cars to the Internet, we’re creating more potential, and possibly more dangerous, ways for hackers to wreak havoc and the risk continues every day. Today, we talk about the flaws discovered in routers and NAS devices that will otherwise urge us to reconsider our choice based on popularity.
Insufficient against attacks
From computers and phones to IP Cameras, smart TVs and connected appliances, there are more than over a hundred ways a hacker can threaten the security and privacy of your wide range of wireless devices. In its latest study titled SOHOpelessly Broken 2.0, Independent Security Evaluators (ISE) discovered a total of 125 different security vulnerabilities across 13 small office/home office (SOHO) routers and Network Attached Storage (NAS) devices, likely affecting millions.
A wide range of malfunctions
According to the security researchers, all of these 13 widely-used devices they tested had at least one web application vulnerability that could allow a remote attacker to gain remote shell access or access to the administrative panel of the affected device. These vulnerabilities range from cross-site scripting (XSS), cross-site request forgeries (CSRF), buffer overflow, operating system command injection (OS CMDi), authentication bypass, SQL injection (SQLi), and file upload path traversal vulnerabilities.
Affected router vendors
SOHO routers and NAS devices tested by the researchers are from the include popular manufacturers such as Buffalo, Synology, TerraMaster, Zyxel, Drobo, ASUS and it’s subsidiary Asustor, Seagate, QNAP, Lenovo, Netgear, Xiaomi, and even Zioncom (TOTOLINK).