Software Engineering Institute | Carnegie Mellon University
Software Engineering Institute | Carnegie Mellon University

Digital Library

Special Report

Systemic Vulnerabilities in Customer-Premises Equipment (CPE) Routers

  • July 2017
  • By Joel Land
  • This report describes a test framework that the CERT/CC developed to identify systemic and other vulnerabilities in CPE routers.
  • Vulnerability Analysis
  • Publisher: Software Engineering Institute
    CMU/SEI Report Number: CMU/SEI-2017-SR-019
  • Abstract

    Customer-premises equipment (CPE)—specifically small office/home office (SOHO) routers—has become ubiquitous. CPE routers are notorious for their web interface vulnerabilities, old versions of software components with known vulnerabilities, default and hard-coded credentials, and other security issues.

    This report describes a test framework that the CERT/CC developed to identify systemic and other vulnerabilities in CPE routers. It also describes the procedure the CERT/CC used in its analysis, and presents case studies and suggestions for tracking vulnerabilities in a way that encourages vendor responsiveness and increased customer awareness.

  • Download