OpenWrt dominates, but vulnerabilities persist in OT/IoT router firmware
2024-08-07 06:14

The study uncovered that OT and IoT cellular routers and those used in small offices and homes contain outdated software components associated with known vulnerabilities.

The research showed that widely used OT/IoT router firmware images have, on average, 20 exploitable n-day vulnerabilities affecting the kernel, leading to increasing security risks.

"Our recent Sierra:21 research found tens of thousands of devices with outdated firmware are exposed online, easily accessible to hackers. Following the publication of Sierra:21, we wanted to understand the state of software components in OT/IoT network devices from other vendors, and what threat actors might uncover if they looked more closely at this software supply chain. Instead of finding new vulnerabilities, our goal was to look at what is already known, but still present in the latest firmware releases of routers."

The analysis identified an average of 662 components and 2,154 findings, including known vulnerabilities, weak security posture, and potential new vulnerabilities in each firmware image.

Even the most recent firmware images do not use the latest versions of open-source components, including critical elements such as the kernel and OpenSSL. Known vulnerabilities abound.

On average, firmware images had 161 known vulnerabilities in their most common components: 68 with a low or medium CVSS score, 69 with a high score, and 24 with a critical score.


News URL

https://www.helpnetsecurity.com/2024/08/07/ot-iot-router-firmware-vulnerabilities/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Openwrt 4 1 36 9 1 47