Router Security | Website Change Log |
Website by Michael Horowitz |
NOVEMBER 2024
Nov 17: Added new Palo Alto Networks bugs to the Bugs page.
Nov 14: More buggy End of Life D-Link routers that will not be fixed. On the Bugs page.
Nov 13: Added a News story about ancient routers being hacked by bad guys in China.
Nov 12: In the topic on Extending Wi-Fi Range, added two recommended fast routers from Duckware.
Nov 11: Updated the topic on Extending Wi-Fi Range
Nov 4: Added another Router News story about the bugs in dedicated security network hardware devices.
Nov 3: Added a Router News story about the Chinese using hacked routers in password spraying attacks.
OCTOBER 2024
Oct 29: In the page on extending Wi-Fi range, added more on configuring a Wi-Fi extender
Oct 25: Still another Fortinet bug added to the Bugs page
Oct 13: Added Palo Alto and Fortinet bugs to the Bugs page
Oct 11: Updated the WPA3 topic on the WPA2, WPA3, WPA page. Updated the page on ISP provided routers to note my US-focused opinion. Added D-Link router bugs to the Bugs page. Added 14 DrayTek router bugs to the Bugs page. Updated Ping Reply on the Long List on the home page. Revised the DrayTek section on the Secure Routers page.
Oct 10: On the home page, updated the instructions on removing saved SSIDs in the section with Some Additional Thoughts.
SEPTEMBER 2024
Sept 30: Updated the WPA2 WPA3 page.
Sept 28: Updated the IP Address page.
Sept 27: Added another reason not to buy Ubiquiti devices on the Secure Routers page.
Sept 18: Updated the Peplink B One page with Bluetooth information.
Sept 17: Small updates to the Security Checklist page
Sept 9: Added a SonicWall bug to the Bugs page.
AUGUST 2024
Aug 31: Updated the Test Your DNS page. Multiple changes including the addition of a tester for Control D. Moved the boring DNS stuff off the Tester page to a new page: Still More About DNS.
Aug 27: Added a News story about hacked TP-Link routers from May 2023. Also added a current news story about Cisco walking away from old devices rather than fix a security problem. Also added a News story about fake Cisco hardware from May 2024.
Aug 19: Added a News story about member of US Congress want to investigate TP-Link routers
Aug 18: Added a new section on Software to the page on Wi-Fi performance (aka Extending Wi-Fi Range)
Aug 10: On the Long DNS Explanation page, added a warning that Windows 11 is buggy as hell in this regard.
JULY 2024
July 20: Added a News story about Linksys routers phoning home in clear text with SSIDs and passwords. Also added a Cisco bug to the Bugs page.
July 17: Added a new router bug, one that was hidden from the public by Sonicwall. Updated the Long DNS Explanation, the section on Windows.
July 15: Added the DNS report at dnssy.com to the Test Your DNS page.
July 3: Added a Juniper bug to the Bugs page.
July1: Updated the What Can Go Wrong page to include hacking Windows PCs.
JUNE 2024
June 30: Added a D-Link router bug to the Bugs page. Also added a flood of bugs in many different Asus routers. Also added router security advice from Asus for their routers to the page with Other Security advice.
June 3: Updated the Secure DNS topic on the Security Checklist page
June 1: Added a news story about routers from ISP Windstream being permanently bricked.
MAY 2024
May 31: Added a TP-Link router bug to the Bugs page
May 30: Updated the SSID topic with information on keeping a router out of the Location databases maintained by Apple and Google.
May 21: Added a story to the News page about Wi-Fi routers leaking their location.
APRIL 2024
April 29: Added links to some Peplink Forum postings about their B One router.
April 28: More Cisco hacking on the Router News page.
April 27: On the Bugs page added no details at all about the latest security bugs in a few Asus routers. Not a typo. On the VLAN page, linked to an article by Asus about setting up a VLAN on their routers.
April 26: On the page for configuring the Surf SOHO router, added more outbound firewall rule suggestions.
April 22: Updated the page for the Peplink B One router with real world speeds for the Balance 20x that it is replacing.
April 18: On the Long explanation about DNS, updated the iOS section.
April 17: Added a News story about TP-Link routers being hacked that speaks to a much larger issue about TP-Link.
April 15: On the DNS Providers page, totally re-did the section on Mullvad DNS are their offerings have changed (for the better)
April 12: On the Bugs page, added bugs in Netgear and TP-Link routers
April 10: Updated the Test Your Router page with new ports to test for LG Smart TVs. Also updated the What Can Go Wrong page with more examples of actual router attacks. In the Long Explanation of DNS on the Test Your DNS page, added setup instructions for macOS.
April 7: Updated the page on the Peplink B One router as the model with integrated 5G seems to have just been released.
MARCH 2024
March 31: Updated the topic of OPNsense on the Secure Routers page.
March 29: Updated the Secure Routers page.
March 26: Added a News story about old Asus routers getting hacked.
March 6: Updated the IP address page with new Chrome protections against accessing devices on your LAN.
March 4: Updated the Security Checklist page to add some security features found in AVM FRITZ!Box routers.
FEBRUARY 2024
Feb 29: Minor update to the Peplink B One page.
Feb 28: Added a couple News stories about the Russians hacking Ubiquiti Edge routers
Feb 23: Updated the Peplink B One page to note that 5G Store successfully converted a Surf SOHO config file backup of mine to work on the B One.
Feb 18: Minor update to the IP Address page to explain the 3 questions better.
Feb 16: Updated the What Can Go Wrong page to note that routers in the US were infect by the Chinese and by Russians with the intention of attacking the US.
Feb 10: Updated the Peplink B One router page.
Feb 6: The Peplink B One router is finally in stock somewhere.
Feb 3: Added a news story about the FBI hacking routers infected with the KV Botnet used by Chinese Volt Typhoon state hackers. Also updated the home page about periodically rebooting a router.
JANUARY 2024
Jan 30: It's here - the Peplink B One router has been officially announced so the page for it here has been drastically updated.
Jan 28: Amazon has a listing for the new Peplink B one router (without 5G) but it is not in stock.
Jan 25: Added a link to Peplink Security Advisories on the Resources page.
Jan 23: Updated the page on configuring the Surf SOHO with a heads up about the DPI option.
Jan 20: On the DNS providers page, updated the configuration of NextDNS on iOS.
Jan 18: Added an article to the Other Router Security Advice page.
Jan 16: Added a Who is Peplink? section to the Pepwave Surf SOHO page.
Jan 15: Added a link to the referenced Peplink University video on the Balance One page. Also updated the expected release date.
Jan 14: On the home page added a note about deleting old SSIDs from Wi-Fi devices. Also added a warning about a scam copy of this site.
Jan 10: On the DNS Providers page, added a new section for Government run DNS services.
DECEMBER 2023
Dec 14: On the DNS Providers page, added info about creating iOS profile files for NextDNS users.
Dec 12: On the Pepwave Surf SOHO page added a note about its soon-to-be-released replacement.
NOVEMBER 2023
Nov 30: On the VLAN page, updated the section on creating a VLAN with Peplink routers.
Nov 28: Added an article about Wi-Fi security to the Other router security articles page. Added PMF and WPA3 to the Checklist page.
Nov 17: Updated the pcWRT page with info on their new model.
Nov 14: Added a warning about Peplink routers and their using a new format for their settings backup file.
OCTOBER 2023
October 31: Added notes that the Surf SOHO replacement is expected in Nov or Dec 2023.
October 27: Updated the Surf SOHO setup page with more suggested outbound firewall rules.
October 24: Yet another critical Cisco bug.
October 22: Updated the Pepwave Surf SOHO page with information about ongoing software maintenance.
October 20: Updated the IP address page to include CG-NAT
October 17: More Juniper bugs added t othe Bugs page.
October 12: Added another case of Cisco hard coded admin passwords to the Bugs page. More routers being targeted by malware, a news story added to the Router News page.
SEPTEMBER 2023
Sept 20: Added the Firewalla New Device Notification feature to the Security Checklist page. Added Juniper router bugs to the Bugs page.
Sept 14: Added bugs in three Asus routers to the Bugs page.
AUGUST 2023
Aug 25: Added to the Consumer Router page a warning about just how miserably bad tech support is from Asus.
Aug 22: Updated the page on Extending the Wi-Fi range by adding an article about new antennas for computers.
Aug 1: Expanded the topic of Windows 11 and Secure DNS on the DNS page (click for the long explanation). On the Test Your DNS page, added testers for Quad9 from Quad9.
JULY 2023
July 30: On the News page, added a story of Zyxel devices being hacked because nobody is patching an old bug.
July 28: On the Bugs page, a new bug in Mikrotik routers.
July 23: On the DNS providers page, added another comparison of DNS providers in terms of blocking malware.
July 14: On the news page added a new router botnet.
JUNE 2023
June 30: Another Fortinet bug on the Bugs page.
June 20: On the Bugs page added details on nine security flaws in many Asus routers.
June 18: New story added to the Router News page.
June 10: Updated the DNS providers page with two new recommended DNS providers.
June 8: Updated the News story about Barracuda and their Email Gateway.
MAY 2023
May 31: Removed Vilfo from the Secure Routers page. Added an FBI video to the page with Other Router Security advice. The video is as lame as you would expect.
May 30: Updated the Eero page to show they are still a bad Wi-Fi neighbor.
May 25: A big router hacking news story added to the News page. And critical bugs in many Zyxel routers.
May 24: More critical Cisco bugs added to the bugs page. Yet again.
May 19: Asus routers are in the news for an outage affecting many devices.
May 8: Routers in the news: Fortinet devices are being exploited by bad guys. Updated the Consume Routers page with a gripe about an Asus router that has no manual.
APRIL 2023
April 30: Updated the Secure Routers page to add a new section on three governments that rate router security.
April 29: Many Many Zyxel bugs added to the Bugs page.
April 28: Added an article about many many bugs in Aruba devices to the Bugs page (filed under February)
April 26: On the Pepwave Surf SOHO page, added information on how Peplink handles secure/encrypted DNS. Updated the News page with a story about yet another protocol, SLP, that was meant to be LAN side only, being exposed on the Internet. Also updated the Test Your Router page with tests for the two ports used by SLP.
April 25: Added a bug in at least one TP-Link router to the Bugs page.
April 19: Routers are in the news again, Russians are hacking Cisco routers abusing a bug fixed in 2017.
April 18: Added a shocking News story about used routers for sale that have not been reset.
April 17: Updated the Test Your Router page with a new test for a buggy service in Windows
April 14: Updated the News page with a long explanation of the Framing Frames attack.
April 11, 2023: Added two News stories: 1) about configuring a new router 2) about flaws in the design of Wi-Fi itself. Added a new router bug on the Bugs page. The flaw is in the hardware and it affected all 55 tested devices.
MARCH 2023
March 26: Further improved the description of the NextDNS tester web page. Added some D-Link bugs to the Bugs page.
March 25: Added two items about Netgear bugs on the Bugs page.
March 22: Updated the OPNsense item on the Resources page.
March 20: On the Bugs page added a critical bug in Fortinet devices.
March 19: Improved the NextDNS testing section on the Test Your DNS page. On the DNS long explanation page, updated the Windows 11 setup for secure DNS. Updated the News page to add an article from August 2022 about router privacy. Added another comparison of pfSense and OPNsense on the Resources page.
March 14: Added the NSA recommendation to turn on the IPV6 firewall in routers that can not disable IPv6. Added Management Frame Protection to the long list of security tweaks on the home page. Updated DNS topics on the home page. Updated the VLAN topic on the home page.
March 13: Added a story to the New page about Sonicwall devices being hacked. On the Wi-Fi passwords page, added an NSA recommendation to use at least 20 characters.
March 7: On the Test Your DNS page, completely re-did the section on testing NextDNS.
March 6: Updated the News page with a new hack of old DrayTek routers.
March 2: Updated the long explanation of DNS on the Test DNS page to finally include info on secure DNS on Windows 11.
FEBRUARY 2023
Feb 28: Updated the Mullvad DNS info on the DNS providers page.
JANUARY 2023
Jan 24: In the page on configuring the Pepwave Surf SOHO, updated the topic of configuring it to send emails
Jan 21: Added another Cisco bug to the Bugs page.
DECEMBER 2022
Dec 30: Added high severity Netgear router bugs to the Bugs page.
Dec 22: The Routers in the News page has the results of the recent PWN2OWN contest where many routers were hacked. Also, two updates to the page on Synology routers - More on the hidden Wi-Fi network and hackers successfully hacking them at the PWN2OWN contest.
NOVEMBER 2022
Nov 30: Updated the Secure Routers page with another example of how important outbound firewall rules are.
Nov 29: Updated the page on Extending Wi-Fi range with a suggestion not to buy a Netgear Wi-Fi range extender.
Nov 28: Updated the page on Extending Wi-Fi range with a better explanation of antennas positions.
Nov 22: Updated the page on Extending Wi-Fi range with a new section on crossing the lines.
Nov 16: Updated the Firewalla info on the Resources page.
Nov 11: Updated the Eero page with quotes about bad privacy.
OCTOBER 2022
Oct 16: Added a new Fortinet bug to the Bugs page.
Oct 14: Updated the Google routers page to say that the management software is so miserably bad, you should avoid these routers.
Oct 9: Updated the Surf SOHO initial configuration page and the Surf SOHO page.
Oct 8: Minor changes reflecting the fact that the Pepwave Surf SOHO router is now considered Legacy by Peplink.
SEPTEMBER 2022
Sept 17: Updated the page on Extending WiFi range to note that the highest transmit power, does not increase the WiFi coverage area.
Sept 9: More Cisco bugs on the Bugs page.
Sept 8: Added an example of general suckiness from TP-Link to the Consumer Routers page.
Sept 1: Updated the Long DNS explanation on the Test Your DNS page.
AUGUST 2022
Aug 30: Updated the Test DNS page and the DNS Long Explanation with info on the hopelessness of OS level DNS testing on iOS
Aug 25: Updated the Pepwave Surf SOHO page with more on the expansion options of the Peplink Balance 20x. Added a Realtek industry wide bug to the Bugs page.
Aug 5: Added more Cisco router bugs to the Bugs page. Also added a DrayTek bug.
JULY 2022
July 30: Added a router bugs story about bugs in Arris routers.
July 29: Added a router news story about a bug in FreshTomato, DD-WRT and Asus routers.
July 22: Updated info on the NextDNS tester page on the Test Your DNS page.
July 6: Added another Kaspersky article on router security to the News page.
July 3: Updated the long explanation of DNS to add encrypted DNS
JUNE 2022
June 30: Updated two pages with info about the ZuoRAT router malware. The Test Your Router page now includes a test for the port it listens on. The News page has articles about it.
June 28: Updated the What Can Go Wrong page with an Alert from the US Government. Updated the Test your DNS page with information about a very suspect error message on iOS about DNS.
June 24: Updated the page on Extending Wi-Fi range.
June 12: Added a Kaspersky article on router security to the Router News page.
June 3: Minor updates to the page on Extending Wi-Fi range.
MAY 2022
May 21: On the Bugs page, added bugs in two Netgear VPN routers. More updates to the page on Extending WiFi range. Updated the DNS topic on the Long List on the home page.
May 20: Updated the page on Extending WiFi range - re-did the section on measuring signal strength.
May 16: New Zyxel bug added to the bugs page.
May 13: Assorted updates to the page on Extending the Range of a WiFi Network.
APRIL 2022
April 18: Added speed test results to the pcWRT page.
April 14: More updates to the Extending a Wi-Fi network page
April 12: Expanded the page on Extending a Wi-Fi network.
April 11: On the Bugs page added bugs in a Skyworth router.
April 6: Added a news story about WatchGuard failing to notify their customers of a huge security flaw. And a news story about the FBI having to hack into WatchGuard devices to remove Russian malware.
April 2: On the News page, added story about three TOTOLINK router bugs being exploited.
April 1: Another critical Zyxel bug added to the bugs page.
MARCH 2022
March 31: First release of a new page with an Overview of Extending the Range of a WiFi network. Its half done.
March 30: Added a News story about buggy cameras, showing how important VLANs are. A couple changes to the Surf SOHO initial setup page - updated a screen shot to reflect the current firmware and adding a discussion of WPA3.
March 29: Updated the Bugs page with a scathing report citing a huge number of bugs in Zyxel routers
March 27: Updated the VLAN page with a better explanation of segmenting a printer into its own VLAN
March 24: On the Surf SOHO Initial Configuration page, updated the InControl2 topic
March 23: Added a news story with more than a few reasons to avoid TP-Link routers.
March 20: Added a bit more about subnet masks to the IP address page.
March 19: Added a funny story to the page on configuring the Pepwave Surf SOHO router.
March 17: Updated the Test Your DNS page with screen shots of Cloudflare malware and porn testing results. Added a News story about Russians hacking Asus routers.
March 15: Expanded the NextDNS section on the new suggested DNS providers page.
March 14: Updated the Cloudflare testing section on the Test Your DNS page.
March 13: Broke out the newly expanded list of suggested DNS providers to its own page. Updated the Surf SOHO initial config page to reflect some UI changes in the newer versions of the firmware.
March 9: Big revision to the DNS page, the Long Explanation of DNS includes suggested providers.
March 6: Added a story about Russians hacking Dutch routers to the News page.
March 5: On the SSID page, added a bit on hiding SSID locations from Google Android.
March 4: More funny Wi-Fi network names on the SSID page.
March 2: In the Care and Feeding section of the home page, added the suggestion to replace the router when the latest firmware is over 2 years old.
March 1: New section on Hacked Router? added to the home page
FEBRUARY 2022
Feb 28: Added the article below to the pages for Eero and consumer routers. Added Secure DNS as another criteria on the Checklist page.
Feb 26: On the News page added a story from CNET about routers spying on you and a story about Cyclops Blink malware infecting WatchGuard devices.
Feb 23: Validated the WireGuard VPN tunnel with pcWRT
Feb 16: More routers with Wi-Fi buttons added to the Checklist page. More pcWRT updates.
Feb 8: More Cisco router bugs added to the Bugs page. Updates to pcWRT continue.
Feb 6: Still more updates to the pcWRT page.
Feb 4: Still more updates to the pcWRT page.
JANUARY 2022
Jan 31: Another UPnP related bug added to the Router News page. More pcWRT updates.
Jan 30: Added pcWRT to the list of VPN client routers on the Resources page. Multiple updates to the pcWRT page.
Jan 27: Added a new page for the pcWRT router. It is far from complete.
Jan 19: Added Vilfo OS as a maybe on the Secure Routers page.
Jan 13: Added a new NetUSB bug to the Bugs page.
Jan 11: Updated the Test Your DNS page with a new tester site
Jan 4: On the News page added a blog about hacking an Optilink fiber router in India