A report from Independent Security Evaluators (ISE) found “critical security vulnerabilities in numerous small office/home office (SOHO) routers and wireless access points.”
The report categorized these remote and locally accessible vulnerabilities as follows:
- Trivial attacks can be launched directly against the router with no human interaction or access to credentials.
- Unauthenticated attacks require some form of human interaction, such as following a malicious link or browsing to an unsafe page, but do not require an active session or access to credentials.
- Authenticated attacks require that the attacker have access to credentials (or that default router credentials are used—an all-too-common situation) or that a victim is logged in with an active session at the time of the attack.