threatpost.com/ report-most-popular-home-routers-have-critical-flaws/ 157346/
...Common devices from Netgear, Linksys, D-Link and others contain serious security vulnerabilities that even updates don't fix. A security review of 127 popular home routers found most contained at least one critical security flaw, according to researchers. The "Home Router Security Report" (PDF) by Peter Weidenbach and Johannes vom Dorp-both from the German think tank Fraunhofer Institute-found that not only did all of the routers they examined have flaws, many "are affected by hundreds of known vulnerabilities," the researchers said. On average, the routers analyzed--by vendors such as D-Link, Netgear, ASUS, Linksys, TP-Link and Zyxel-were affected by 53 critical-rated vulnerabilities (CVE), with even the most "secure" device of the bunch having 21 CVEs, according to the report. Researchers did not list the specific vulnerabilities.... ..."To sum it up, our analysis shows that there is no router without flaws and there is no vendor who does a perfect job regarding all security aspects," Weidenbach and vom Dorp wrote. "Much more effort is needed to make home routers as secure as current desktop or server systems." While people make common mistakes when configuring home routers-thus leading to security issues-they are not the primary reasons for the lack of security found among the devices, researchers said. Their analysis clearly shows that device vendors, despite knowing the security risks, are still doing a rather dismal job to ensure that routers are secure even before users take them out of the box... ...Some vendors seem to prioritize security a bit more than others, according to the report. AVM International was the best of the bunch in terms of all the security aspects researchers examined, although the company's routers also contained flaws, they said. ASUS and Netgear also prioritized several aspects of device security more than some of the other vendors. Both update their routers more frequently than their rival companies, and use more current, supported versions of the Linux kernel for their firmware, researchers found. Among the routers examined, those from D-Link, Linksys, TP-Linkand Zyxel fared the worst in terms of how well common security aspects were addressed out of the box, according to the report....