- The Shadowserver Foundation revealed over 2,200 newly compromised routers caught in the crossfire, quietly serving as cyberattack launchpads.
- SonicOS, Cisco IOS XE, Belkin Wemo, Realtek SDK, Zyxel, and many others are probed by hundreds of attackers every day.
Security researchers are waving a red flag: hackers are ramping up their attacks on outdated and unsupported network equipment worldwide, and the targets range from consumer routers sitting in living rooms to gear tucked away in the back closets of businesses.
The key ingredient in this cybercrime recipe? Old, unpatched devices from brands like Cisco, Linksys, and Araknis Networks, whose end-of-life (EOL) status leaves them ripe for exploitation.
A perfect playground for hackers
Let’s face it—attackers aren’t picky. As long as a device is exposed and vulnerable, it’s fair game. According to supply chain security firm Eclypsium, there’s been a dramatic uptick in malicious scanning campaigns.
These scans trace back to already-hacked hardware, creating a self-perpetuating cycle: compromised routers are used to hunt and infect even more outdated systems.
Recent warnings from The Shadowserver Foundation revealed over 2,200 newly compromised routers caught in the crossfire, quietly serving as cyberattack launchpads.
What’s especially concerning is just how old some of these exploited vulnerabilities are. Attackers don’t even need the latest zero-days; bugs from over a decade ago—many long forgotten—are still proving effective.
Favourite targets: Outdated routers everywhere
The attacks have a few clear favourites:
- Cisco Small Business RV Series: These routers are mostly EOL, meaning no patches, no support, and little hope of protection unless replaced.
- Linksys LRT Series: While some extended support lingers, most are also past their prime.
- Araknis AN-300-RT-4L2W: Also EOL, with no more firmware updates on the horizon.
Combine this with years-old vulnerabilities, like CVE-2018-017, and you have a hacker’s paradise. Despite being seven years old, this flaw—often exploited by Russian threat actors—remains in play thanks to poor patching and lingering legacy systems.
Low visibility, high risk
There’s a frustrating reality behind this surge: plenty of organizations and home users don’t apply available fixes, and few have robust monitoring for network gear that “just works.”
Special attention falls on old protocols like Cisco Smart Install (SMI) and SNMP, which are still accepted by outdated gear and offer easy back doors for attackers. Even the FBI has flagged these practices as a notable risk.
“It doesn’t matter to the attackers as long as it works,” the Eclypsium report summarises.
Unfortunately, many of these “dusty corners” of IT—forgotten network appliances and legacy machines humming in the background—are precisely where disaster tends to start. And once a device is compromised, it often gets roped into scanning the internet for more prey.
Most sought-after vulnerabilities
Security honeypots and monitoring projects show exactly which flaws attackers love most. Huawei’s Home Gateway HG532 is currently topping the charts, with nearly 600 IP addresses hammering the internet looking for vulnerable targets. This device harbours a 2017 critical flaw that hackers can exploit remotely via malicious packets.
Older vulnerabilities are hardly off-limits. SonicOS, Cisco IOS XE, Belkin Wemo, Realtek SDK, Zyxel, and many others are probed by hundreds of attackers every day. Some of these bugs date back over a decade, but they persist on unpatched devices.
What needs to happen now?
The fixes are clear, even if implementation isn’t always easy:
- Audit all connected devices for age, vendor support status, and known vulnerabilities.
- Disable legacy, unencrypted protocols—especially TELNET, SNMP, and SMI.
- Patch, upgrade, or (better yet) replace outdated hardware susceptible to long-known issues.
- Don’t ignore “set-it-and-forget-it” appliances—they need attention, too!
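One way to run the legacy-protocol part of that audit offline against exported device configurations, as an added example that is not from the article or from Eclypsium. It assumes Cisco IOS-style running-config text, in which `no vstack` disables Smart Install; the sample config is constructed and the function name is hypothetical.

```python
# Constructed sample in Cisco IOS running-config style (not from the article).
SAMPLE_CONFIG = """\
hostname branch-sw01
snmp-server community public RO
snmp-server community s3cr3t RW
snmp-server group ADMINS v3 priv
line vty 0 4
 transport input telnet ssh
line vty 5 15
 transport input ssh
"""


def audit_config(text):
    """Return (line_no, protocol, detail) findings for TELNET, SNMP and SMI."""
    findings = []
    vty_block = None       # header of the "line vty" block being read, if any
    smi_disabled = False   # set when an explicit "no vstack" is present
    for no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not raw.startswith(" "):
            # A non-indented line closes the previous block.
            vty_block = line if line.startswith("line vty") else None
        tokens = line.split()
        if line == "no vstack":
            smi_disabled = True
        elif tokens[:2] == ["snmp-server", "community"] and len(tokens) >= 3:
            # Community strings are SNMPv1/v2c and travel unencrypted.
            # The string itself is a secret, so it is left out of the report.
            access = "RW" if "RW" in (t.upper() for t in tokens[3:]) else "RO"
            findings.append((no, "SNMP", f"v1/v2c community, {access} access"))
        elif vty_block and tokens[:2] == ["transport", "input"]:
            protos = tokens[2:]
            if "telnet" in protos or "all" in protos:
                findings.append((no, "TELNET", f"{vty_block}: {line}"))
    if not smi_disabled:
        # Assumption: the platform supports Smart Install; confirm on the
        # device with "show vstack config" before treating this as exposure.
        findings.append((0, "SMI", "no explicit 'no vstack' in config"))
    return findings


if __name__ == "__main__":
    for line_no, proto, detail in audit_config(SAMPLE_CONFIG):
        print(f"line {line_no}: {proto}: {detail}")
```

Default vty transport settings vary by software release and are not checked here, so a vty block with no `transport input` line still needs a manual look.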
Attackers won’t stop scanning for weak spots. The only way to avoid joining the growing list of victims: shine a light into those dusty corners and finally retire the tech relics that put the entire network at risk.