Is Your Biggest Cyber Vulnerability Your Router?

Is Your Biggest Cyber Vulnerability Your Router?

TheBestVPN found vulnerabilities in several big name routers.

  • By Sydny Shepard
  • Aug 21, 2018

Internet routers could be affected by a major security flaw that could let hackers infiltrate your home network.

Research from TheBestVPN found vulnerabilities in routers from some of the biggest device manufacturers around today, including those from NetGear, D-Link and ZTE.

The research team found that all three contained software flaws that could allow malicious access, which TheBestVPN says could result in, "a complete takeover of your router".

The team says that the hack process is relatively straightforward, with the criminals simply needing to create a page with a basic JavaScript or html form. When a user clicks on this or lands on the webpage, external functionalities can be launched, allowing personal data can be exploited.

Craig Young, a computer security researcher for Tripwire’s Vulnerability and Exposure Research Team (VERT), says TheBestVPN is describing a multiple cross-site request forgery (CSRF) attack.

"The premise of CSRF is that an attacker can trigger a victim’s web browser to make HTTP requests to another web site without the target site recognizing that the request was forged," Young said. "In this case, the targeted web site would most likely be the web page for controlling router settings, but it could also be a server used for media streaming or file sharing. In most cases, a CSRF attack requires that the victim is logged into the vulnerable web site, but routers often have vulnerabilities which can be triggered by unauthenticated HTTP requests."

Since the devices are older, Young wonders if a security fix will be made available.

“A quick Google search indicates that these are all older devices which raises an interesting question of whether security fixes will be made available," Young said. "For a successful CSRF attack, the attacker needs to locate the victim’s router to relay an attack. An advanced user can thwart unsophisticated attempts to exploit these bugs by simply using a less common router address like 10.9.8.7 instead of 192.168.0.1. A more complete fix however would be to actively disable the HTTP management interface of the router so that it cannot be attacked.”

About the Author

Sydny Shepard is the Executive Editor of Campus Security & Life Safety.

Featured

  • Security Today Announces 2025 CyberSecured Award Winners

    Security Today is pleased to announce the 2025 CyberSecured Awards winners. Sixteen companies are being recognized this year for their network products and other cybersecurity initiatives that secure our world today. Read Now

  • Empowering and Securing a Mobile Workforce

    What happens when technology lets you work anywhere – but exposes you to security threats everywhere? This is the reality of modern work. No longer tethered to desks, work happens everywhere – in the office, from home, on the road, and in countless locations in between. Read Now

  • TSA Introduces New $45 Fee Option for Travelers Without REAL ID Starting February 1

    The Transportation Security Administration (TSA) announced today that it will refer all passengers who do not present an acceptable form of ID and still want to fly an option to pay a $45 fee to use a modernized alternative identity verification system, TSA Confirm.ID, to establish identity at security checkpoints beginning on February 1, 2026. Read Now

  • The Evolution of IP Camera Intelligence

    As the 30th anniversary of the IP camera approaches in 2026, it is worth reflecting on how far we have come. The first network camera, launched in 1996, delivered one frame every 17 seconds—not impressive by today’s standards, but groundbreaking at the time. It did something that no analog system could: transmit video over a standard IP network. Read Now

  • From Surveillance to Intelligence

    Years ago, it would have been significantly more expensive to run an analytic like that — requiring a custom-built solution with burdensome infrastructure demands — but modern edge devices have made it accessible to everyone. It also saves time, which is a critical factor if a missing child is involved. Video compression technology has played a critical role as well. Over the years, significant advancements have been made in video coding standards — including H.263, MPEG formats, and H.264—alongside compression optimization technologies developed by IP video manufacturers to improve efficiency without sacrificing quality. The open-source AV1 codec developed by the Alliance for Open Media—a consortium including Google, Netflix, Microsoft, Amazon and others — is already the preferred decoder for cloud-based applications, and is quickly becoming the standard for video compression of all types. Read Now

Most   Popular

New Products

  • Camden CV-7600 High Security Card Readers

    Camden CV-7600 High Security Card Readers

    Camden Door Controls has relaunched its CV-7600 card readers in response to growing market demand for a more secure alternative to standard proximity credentials that can be easily cloned. CV-7600 readers support MIFARE DESFire EV1 & EV2 encryption technology credentials, making them virtually clone-proof and highly secure.

  • QCS7230 System-on-Chip (SoC)

    QCS7230 System-on-Chip (SoC)

    The latest Qualcomm® Vision Intelligence Platform offers next-generation smart camera IoT solutions to improve safety and security across enterprises, cities and spaces. The Vision Intelligence Platform was expanded in March 2022 with the introduction of the QCS7230 System-on-Chip (SoC), which delivers superior artificial intelligence (AI) inferencing at the edge.

  • HD2055 Modular Barricade

    Delta Scientific’s electric HD2055 modular shallow foundation barricade is tested to ASTM M50/P1 with negative penetration from the vehicle upon impact. With a shallow foundation of only 24 inches, the HD2055 can be installed without worrying about buried power lines and other below grade obstructions. The modular make-up of the barrier also allows you to cover wider roadways by adding additional modules to the system. The HD2055 boasts an Emergency Fast Operation of 1.5 seconds giving the guard ample time to deploy under a high threat situation.