Skip to Content
© Kasarp Techawongtham | Dreamstime.com
Security & privacy

Millions of routers are at risk of hacking thanks to this bug

When’s the last time you gave your router a second thought beyond checking the bottom sticker for the password? This device is your gateway to the internet and has its own software and settings. By the way, you should use your own unique, strong password rather than the one your router comes with. Hackers have access to the default password.

Beyond that, your router should be updated, encrypted and placed in a location where its signal would be strongest. Tap or click here for more tips that will boost your Wi-Fi and solve some connection issues you may come across.

As with anything connected to your computer and/or a network, your router is vulnerable to cyberattacks. A recent report reveals that hackers are exploiting firmware to access routers. We’ll show you which ones are affected and what you can do to protect yours from attack.

The discovery

Last week, cybersecurity firm Tenable publicly disclosed a vulnerability that leads to an authentication bypass. The exploit lets a hacker access information through a router and even take control of the device.

A few days later, another cybersecurity company, Juniper Threat Labs, discovered that hackers were already exploiting the vulnerability. “This vulnerability potentially affects millions of home routers (and other IoT devices using the same vulnerable code base) manufactured by no less than 17 vendors according to Tenable research, including some ISPs,” Juniper wrote.

The vulnerability was found in routers that use firmware developed by Arcadyan, which includes the following manufacturers/ISPs: ADB, Arcadyan, ASMAX, ASUS, Beeline, Buffalo, KPN, Telus, Verizon, Vodaphone and more.

Always be updating

First, make sure to update your router to the latest available firmware version. Newer routers download updates automatically, but you can also do it manually. If it’s not automatic, update your router every three months.

You’ll need to get to your router admin page. This requires the IP address used by your router and the admin password. You can usually find these in the user guide for your router brand, but some sites can help you figure it out if you don’t have this information. Tap or click here for a list of default passwords for 548 router brands.

Once you’ve opened your router’s admin page, find a section called Advanced or Management to look for firmware updates. Download any updates available to bring your system up to date. If there is an option in your router settings that enables automatic updates, make sure to turn it on. 

Tap or click here for five router settings that will keep hackers away from your connected devices.

More protection

A reliable antivirus program will protect your devices from attack. Our sponsor TotalAV is an antivirus security suite that offers protection from viruses, adware, ransomware, malware and more. Its Safe Site browser extension also blocks phishing sites.

TotalAV works on Windows PC, Mac, iPhone and Android smartphones. You can protect up to five devices on one account. Even better, you can get an annual plan for $19 right now.

If your router was on the list of vulnerable devices, you might want to get a new one. Here are a couple of solid choices:

By clicking our links, you’re supporting our research. As an Amazon Associate, we earn a small commission from qualifying purchases. Recommendations are not part of any business incentives.

Keep reading

Free check to see if your router has been hacked by criminals

Have lousy Wi-Fi? Upgrade to a mesh system

Refer friends, earn rewards!

Why not share your source of digital lifestyle news, tips and advice with others? When your friends and family subscribe to Kim's free newsletters, you earn points toward awesome rewards!

Get rewarded