Continuous attacks on routers and connected devices

In the last few months we have been flooded with reports about vulnerability and exploits on Internet connected devices such as routers, house automation devices (light switches), Point of Sale (POS) devices.

Let’s briefly review what has happened in this time:


AVM’s Fritz.Box

avm fritz


The sources in the media report that the patches that AVM, the producer of the routers delivered for all devices, were actually fixing another problem. The initial reports were mentioning that the vulnerability is related to remote access functionality in the router. Simply disabling it would have solved the problem, but the latest reports show that even without the remote control enabled, the routers are vulnerable. The only solution is to patch the devices with the latest firmware. Those who don’t know how to do this, must read the detailed instructions here (DE, EN).





Belkin produces many products, but the house automation products (WeMo) and routers. The last vulnerability in the WeMo devices allows an attacker to overwrite the firmware and remote control the devices. The solution is not known at the moment, sources report that the only way to avoid an attack is either to shut down the device or to not allow access from the Internet.


Other routers: Asus, LinkSys, D-Link

Asus: allows attackers access to resources shared in the internal network

LinkSys: hit by the work TheMoon.

D-Link: allows unrestricted login through a backdoor

All these devices have known vulnerabilities and many of them are unpatched since months. A simple search in your favorite search engine after “<device> vulnerability” will give you hundreds or thousands of article about reports of vulnerabilities.




Not many, unfortunately.

The most obvious is to trigger a firmware update whenever possible and hope that the producer of the device has fixed the vulnerabilities.

If this is not the case, the mitigation of these risks is usually related to the access from the Internet, but not always. Whenever possible,  try to deactivate the remote access. Note that this doesn’t restrict in any way the functionality of the device, but it might restrict some of the functions. For example, some devices have mobile apps that remotely control the device. If such a configuration is done, these apps might not work anymore.

Some routers offer functionalities like Web server, FTP server, ActiveSync, iTunes sync, “Cloud Disk”, “Smart Access”, “Guest Access”, “Own Cloud”, “Media Streaming” and alike. All these have one thing in common: they allow access from the Internet via various protocols.

Whatever functionality your router has, if you are unsure what these functions do, just deactivate them.


Sorin Mustaca
IT Security Expert

 Thank you for reading this post on Avira TechblogFor latest news please follow us on FacebookTwitterGoogle+.

from Avira – TechBlog

© Copyright Sorin Mustaca, All rights Reserved. Written For: Sorin Mustaca on Cybersecurity

Check for seeing the consulting services we offer.

Visit for latest security news in English
Besuchen Sie für IT Sicherheits News auf Deutsch

About the Author

Sorin Mustaca
Sorin Mustaca, (ISC)2 CSSLP, CompTIA Security+ and Project+, is working since over 20 years in the IT Security industry and worked between 2003-2014 for Avira as Product Manager for the known products used by over 100 million users world-wide. Today he is CEO and owner of Endpoint Cybersecurity GmbH focusing on Cybersecurity, secure software development and security for IoT and Automotive. He is also running his personal blog Sorin Mustaca on Cybersecurity and is the author of the free eBook Improve your security .
%d bloggers like this: