best router home page router guides and articles wireless routers and modem reviews special offers on wireless routers Help and tools latest wireless router news router forums

News Story

Is your router hit by Heartbleed?

Author: Mark Richardson

01/05/14

What is Heartbleed?

Heartbleed is a bug in the widely used OpenSSL's cryptography library. Simplistically, the effect of this bug, if left unpatched, is that a malicious user can establish a "secure" connection to a target computer or device and read parts of its victim's memory that it should not have access to.

What does it mean for routers?

Many routers often run a basic web server to allow an administrator to access online control panels. Some of these routers use the affected versions of OpenSSL and so are hit by the Heartbleed bug. This means that an attacker who has access to the network can obtain data from the router's memory. In a router this data will normally be information which is moving around your network, or between your machine / network and the internet. Typically this could include usernames, passwords, emails, social media updates, etc

It should be made clear that this will only affect unpatched routers where a malicious user can establish a connection with the router. Some examples of where this could occur are:
• Company networks, schools, anywhere with lots of people are allowed to use the network. This set-up will potentially allow a malicious user to see the information of other user's on the network.
• Internet Cafes - A malicious user in the cafe will be able to see what you do. Though using an encrypted https connection with the destination server should secure you from all but the most determined hacker.
• If your router has external access enabled for remote administration over the internet or has cloud control, then potentially any malicious hacker can access your router, and then gain access to your network.
• If you run a guest network on your router. Anyone on the guest network can potentially access your secure network.

Which routers are hit by heartbleed?

Below is our table of which routers are effected, by router manufacturer.

Manufacturer Affected Notes
Apple   yes 802.11ac models only, patch available.
Asus   safe Not affected due to older SSL implementation. But upgrading to newer version anyway.
Belkin   safe
Billion   safe
Buffalo   yes Newer routers are ok. Running DD-WRT on an AirStation WZR-HP-G300NH2, WZR-HP-G450H or WZR-HP-AG300H? Then check here.
Cisco   yes It's a mixed picture - check your router here
D-Link   safe
Edimax   unsure Have not responded to our requests for info
Juniper   yes Firmware on some routers affected. Details here
Linksys   safe
Netgear   safe
TP-Link   unsure Awaiting clarification
TRENDNet   safe statement here
Western Digital   yes MyCloud product family hit. Details here.
Zyxel   safe









  Can't find what you're looking for? Try searching (top right of this page).



  back to router news
  
Share this page on facebook Tweet this page Share this page on Google+ Share this page on LinkedIn
advertisement
sitemap button © White Rabbit Ltd 2008-2019. All rights reserved.
To help keep this site running we may receive compensation from affiliate partners if you purchase products using our links. more info