View The Document

Accession Number:

AD1046655

Title:

Systemic Vulnerabilities in Customer-Premises Equipment (CPE) Routers

Personal Author(s):

Land,Joel

Corporate Author:

CARNEGIE-MELLON UNIV PITTSBURGH PA PITTSBURGH United States

Report Date:

2017-07-01

Abstract:

Customer-premises equipment CPEspecifically small officehome office SOHO routershas become ubiquitous. CPE routers are notorious for their web interface vulnerabilities, old versions of software components with known vulnerabilities, default and hard-coded credentials, and other security issues.This report describes a test framework that the CERTCC developed to identify systemic and other vulnerabilities in CPE routers. It also describes the procedure the CERTCC used in its analysis, and presents case studies and suggestions for tracking vulnerabilities in a way that encourages vendor responsiveness and increased customer awareness.

Descriptive Note:

Technical Report

Pages:

0082

Descriptors:

MALWARE

COMPUTER NETWORK SECURITY

VULNERABILITIES

internet

WIDE AREA NETWORKS

Identifiers:

CPE(Customer premises equipment)

ROUTERS

SOHO(small office home office)

web interface vulnerabilities

Subject Categories:

Computer Systems Management and Standards

Communities Of Interest:

C4I

Modernization Areas:

Fully Networked C3

Distribution Statement:

Approved For Public Release;

Contract Number:

FA8702-15-D-0002

File Size:

2.08MB

View The Document