Original release date: December 15, 2015
Home and Small Business routers have become the ideal target for attackers seeking to gain control over a user’s gateway to the Internet. Router misconfigurations (e.g., default credentials, interfaces open to the Internet) or the lack of security precautions (e.g., absence of updates) may make users susceptible to exploitation. Once an attacker gains unauthorized access to a vulnerable router, they may be able to obtain sensitive information from a user’s computer or perform other attacks. Users and administrators are encouraged to review Security Tip ST15-002 for guidance on how to secure home and small business routers.
Additionally, the Carnegie Mellon CERT Coordination Center (CERT/CC) continues to test small office and home office (SOHO) routers for vulnerabilities. US-CERT encourages users and administrators to review CERT/CC Router Vulnerability Notes for information on recently found vulnerabilities in some routers.