Your wireless router is likely vulnerable to multiple attack vectors, even with the latest firmware provided by the manufacturer. This is the result highlighted in a new report from the Fraunhofer Institute for Telecommunications Research (FKIE). The researchers examined 127 home routers from seven different manufacturers, and not a single one was completely secure.

"Our results are alarming. There is no such thing as a flawless router," the researchers said.

The report (via ZDNet) noted that dozens of the routers tested had not received firmware updates in the past year. And regardless of whether a particular model has received an update, the researchers said they found "hundreds of known vulnerabilities" in many of those they examined, including those that had recently been patched.

This is indeed alarming, as routers are typically always up and running. The researchers also noted that routers are more important than ever now that more people are being forced to telecommute due to the coronavirus pandemic.

Almost all of the routers studied were running some form of Linux, which is generally considered more secure than other operating systems. Still, Linux is not impenetrable. It does not help that more than one-third of the routers tested were running much older versions of Linux that have not been security patched in nearly a decade (and in some cases longer).

The oldest kernel version was found on the Linksys WRT54GL, which is based on a build of Linux released in 2002. To be fair, this model was released in 2005, but Linksys still sells the WRT54GL in its web store; other routers tested, such as Netgear's R6800, are more recent.

The researchers used the open-source Firmware Analysis and Comparison Tool (FACT) to extract firmware images from the tested routers. Results were mixed, but the best ones had at least 21 critical vulnerabilities or a staggering 328 highly rated exploits.

As a group, researchers found, on average, 53 critical flaws in each router.

The report does not go into detail about what specific attacks these vulnerabilities expose users to, but states that more than 10 models tested hardcode "well-known or easily crackable credentials" into their firmware. The report states. They also question why router manufacturers would use publicly available encryption keys that could allow hackers to impersonate the device and launch man-in-the-middle attacks.

"In summary, our analysis shows that there is no router without flaws, and no vendor does a perfect job on all security aspects. Much more effort is needed to make home routers as secure as today's desktop and server systems," the report concludes.

Nevertheless, the researchers found some differences among manufacturers. In particular, Asus and Netgear do a better job than D-Link, Linksys, TP-Link, and Zyxel in some respects.