Software Engineering Institute | Carnegie Mellon University
Software Engineering Institute | Carnegie Mellon University

Digital Library

Javascript is currently disabled for your browser. For an optimal search experience, please enable javascript.

Advanced Search

Basic Search

Content Type

Topics

Publication Date

Special Report

Systemic Vulnerabilities in Customer-Premises Equipment (CPE) Routers

  • July 2017
  • By Joel Land
  • This report describes a test framework that the CERT/CC developed to identify systemic and other vulnerabilities in CPE routers.
  • Vulnerability Analysis
  • Publisher: Software Engineering Institute
    CMU/SEI Report Number: CMU/SEI-2017-SR-019
  • Abstract

    Customer-premises equipment (CPE)—specifically small office/home office (SOHO) routers—has become ubiquitous. CPE routers are notorious for their web interface vulnerabilities, old versions of software components with known vulnerabilities, default and hard-coded credentials, and other security issues.

    This report describes a test framework that the CERT/CC developed to identify systemic and other vulnerabilities in CPE routers. It also describes the procedure the CERT/CC used in its analysis, and presents case studies and suggestions for tracking vulnerabilities in a way that encourages vendor responsiveness and increased customer awareness.

  • Download