Systemic Vulnerabilities in Customer-Premises Equipment (CPE) Routers
• Special Report
Software Engineering Institute
CMU/SEI Report NumberCMU/SEI-2017-SR-019
DOI (Digital Object Identifier)10.1184/R1/6584558.v1
Customer-premises equipment (CPE)—specifically small office/home office (SOHO) routers—has become ubiquitous. CPE routers are notorious for their web interface vulnerabilities, old versions of software components with known vulnerabilities, default and hard-coded credentials, and other security issues.
This report describes a test framework that the CERT/CC developed to identify systemic and other vulnerabilities in CPE routers. It also describes the procedure the CERT/CC used in its analysis, and presents case studies and suggestions for tracking vulnerabilities in a way that encourages vendor responsiveness and increased customer awareness.