search menu icon-carat-right cmu-wordmark

Systemic Vulnerabilities in Customer-Premises Equipment (CPE) Routers

July 2017 Special Report
Joel Land

This report describes a test framework that the CERT/CC developed to identify systemic and other vulnerabilities in CPE routers.

Publisher:

Software Engineering Institute

CMU/SEI Report Number

CMU/SEI-2017-SR-019

Abstract

Customer-premises equipment (CPE)—specifically small office/home office (SOHO) routers—has become ubiquitous. CPE routers are notorious for their web interface vulnerabilities, old versions of software components with known vulnerabilities, default and hard-coded credentials, and other security issues.

This report describes a test framework that the CERT/CC developed to identify systemic and other vulnerabilities in CPE routers. It also describes the procedure the CERT/CC used in its analysis, and presents case studies and suggestions for tracking vulnerabilities in a way that encourages vendor responsiveness and increased customer awareness.