An independent security consulting firm (ISE) in 2013 tested popular router and NAS devices and discovered 53 new CVEs. That study was entitled SOHOpelessly Broken as 100% of the devices had a vulnerability. This year, 13 new SOHO routers and NAS devices have been tested to see if vendors have enhanced their security over the years. SOHOpelessly Broken 2.0 vulnerabilities resulted in 125 CVEs. The research concludes that common devices deployed in small office and home office settings are likely to be susceptible to exploits that can cause serious damage despite the enhanced attention IoT device companies have paid to security since 2013. Although they have used a responsible disclosure process, it is still very worrying as many individuals do not update their firmware frequently. It should also be noted that many vendors use the same code throughout their entire product line, meaning many other related devices will share vulnerabilities.
Leave a Reply
You must be logged in to post a comment.