Highlighted
Sharer

Re: Add-on wireless router question

Actually, jegesq, as far as routers go, if you turn off remote administration, disable WPS, change the default username/password for the router admin pages, use WPA/WPA2 for wireless access, and for a little extra security change the IP address of the router from its default, the remote attack surface is very limited.  Cross site request forgery is almost always used in that scenario, and it has many limitations.

https://en.wikipedia.org/wiki/Cross-site_request_forgery#Limitations

 

There are some recently reported vulnerabilities in some routers, though the remote attack surface is still quite small.  The main attack vectors are via authenticated attacks from the LAN or WLAN.

http://www.securityevaluators.com/knowledge/case_studies/routers/soho_router_hacks.php