Researchers from SEC Consult have published details of a critical kernel stack buffer overflow vulnerability in NetUSB, a software component that provides "USB over IP" functionality and is included in most recent firmware versions of many TP-Link, Netgear, Trendnet, and Zyxel networking devices.
A critical vulnerability in version 1.3 of the RealTek software development kit (SDK) has opened a hole in D-Link and Trendnet Wi-Fi routers - and possibly many others as well - which attackers can exploit to execute arbitrary code on the devices.
Prolific hacker Craig Heffner, who has a particular interest in hacking embedded devices, has recently documented the existence of a command injection bug in the firmware of D-Link's DIR-890L router.
A considerable number of routers manufactured by US-based Belkin use a flawed method for creating PINs for Wi-Fi Protected Setup (WPS), making them easily discoverable by attackers, a researcher has found.
With a simple search, John Matherly, the creator of Shodan, has used it to discover more than 250,000 routers that share the same SSH key, meaning they also share the same private key.