Credit: Pierre Kim
Everyone knows consumer router security is terrible, but few have measured this tire fire of gross irresponsibility as closely as Pierre Kim. In a single blog post, Pierre outlined 20 different vulnerabilities, including multiple backdoors, before giving up and creating a section called “Misc”. If the flaws with your product are so severe that they don’t merit the full spelling of “Miscellaneous”, you are probably in the wrong business. Not to let Quanta receive all of the credit, Pierre identified additional router models affected by these issues, including those crafted by distinguished Internet of Shit purveyors D-Link and Totolink (not actually a line connected toilets). One particular backdoor really drives home the quality we are dealing with; /cgi-bin/sh, which unsurprisingly, is a command shell executed as root over HTTP.