Systemic Vulnerabilities in Customer-Premises Equipment (CPE) Routers

Abstract

Customer-premises equipment (CPE)specifically small office/home office (SOHO) routershas become ubiquitous. CPE routers are notorious for their web interface vulnerabilities, old versions of software components with known vulnerabilities, default and hard-coded credentials, and other security issues.This report describes a test framework that the CERT/CC developed to identify systemic and other vulnerabilities in CPE routers. It also describes the procedure the CERT/CC used in its analysis, and presents case studies and suggestions for tracking vulnerabilities in a way that encourages vendor responsiveness and increased customer awareness.

Open PDF

Document Details

Document Type
Technical Report
Publication Date
Jul 01, 2017
Accession Number
AD1046655

Entities

People

  • Joel Land

Organizations

  • Carnegie Mellon University

Tags

Communities of Interest

  • C4I

DTIC Thesaurus Topics

  • Application Protocols
  • Case Studies
  • Coding
  • Communications Protocols
  • Denial Of Service Attack
  • Dns Cache Poisoning
  • Electronic Mail
  • Engineering
  • Information Operations
  • Intellectual Property
  • Language
  • Local Area Networks
  • Network Protocols
  • Operating Systems
  • Port Scanners
  • Security
  • Software Development

Fields of Study

  • Computer science

Readers

  • Computer Networking
  • Nuclear Civil Defense.
  • Systems Analysis and Design