About 15 percent of all home routers are unsecure, according to a study recently released by ESET. ESET took a look at home 12,000 routers and found that 15 percent had weak passwords with the default ‘admin’ being the username.
Craig Young, Security Researcher at Tripwire:
“Frankly ESET’s numbers are strikingly low compared to what I’d expect to find. One of the figures for example was that 7% of the devices had medium or high risk vulnerabilities but per our own (Tripwire VERT) study, it was closer to 3/4ths of the top selling routers on Amazon US that had serious vulnerabilities with almost half having no patches available to remediate the risk.
Another take away from this study is the high number of devices with weak passwords running on an HTTP service (including HNAP). This is a tremendous risk because attacks against web interfaces can often be launched simply by loading a malicious web page.
My advice to router vendors is to move beyond web based management. This is a huge attack surface and unfortunately device makers almost always prove themselves as not being up for the task of designing a secure web interface.”