Accession Number:

AD1046655

Title:

Systemic Vulnerabilities in Customer-Premises Equipment (CPE) Routers

Descriptive Note:

Technical Report

Corporate Author:

CARNEGIE-MELLON UNIV PITTSBURGH PA PITTSBURGH United States

Personal Author(s):

Report Date:

2017-07-01

Pagination or Media Count:

82.0

Abstract:

Customer-premises equipment CPEspecifically small officehome office SOHO routershas become ubiquitous. CPE routers are notorious for their web interface vulnerabilities, old versions of software components with known vulnerabilities, default and hard-coded credentials, and other security issues.This report describes a test framework that the CERTCC developed to identify systemic and other vulnerabilities in CPE routers. It also describes the procedure the CERTCC used in its analysis, and presents case studies and suggestions for tracking vulnerabilities in a way that encourages vendor responsiveness and increased customer awareness.

Subject Categories:

  • Computer Systems Management and Standards

Distribution Statement:

APPROVED FOR PUBLIC RELEASE