A look at home routers, and a surprising bug in Linux/MIPS

[best.binoculars]

Interesting papers about software safety in home routers.

https://cyber-itl.org/2018/12/07/a-look-at-home-routers-and-linux-mips.html

 

[RMerlin]

The majority of problems aren't the fault of the manufacturers tho, but bugs and limitations of the platform.

 

[slobodan]

Also, these are more theoretical than practically exploitable vulnerabilities, i.e. on a router which is firewalled (no open ports, GRC TruStealth passed).

 

[Vexira]

so in theory an rt-ax88u would be better than the ac88u, because of the newer kernel and its not on the list?

 

[sfx2000]

The majority of problems aren't the fault of the manufacturers tho, but bugs and limitations of the platform.

Yep, and even then, many times it's not only the OEM code, but the chipset vendors SDK/BSP's that can introduce issues or fail to pull in fixes that have been in mainline.

Classic example of vendor security issue - Allwinner's backdoor or the upnp bug that many vendors have still not fixed even when the daemon itself has been fixed..

 

[RMerlin]

That white paper is just academical material. People shouldn't even be concerned about it unless they are researchers or developers themselves.