Skip to main content
  1. Home
  2. Computing
  3. News

Secondhand routers may be a serious security concern

Add as a preferred source on Google

Security researchers have publicly revealed findings in a study that uncovered that more than half of the enterprise routers sold secondhand to online resellers, such as eBay, had not been factory reset and wiped of their data. This means the devices still contained sensitive company information from their previous owners when they were resold.

Researchers from the security firm ESET plan to showcase their study at the RSA security conference in San Francisco next week, but told Wired that they were able to uncover data of the enterprise organizations from the secondhand routers, including “network information, credentials, and other confidential data,” with no major effort.

A Wi-Fi router with an ethernet cable plugged in.
wlan antenna Getty Images

In particular, the researchers purchased 18 used routers from well-known brands including Cisco, Fortinet, and Juniper Networks. They ultimately discovered that nine of the devices were sold as is, and they offered easy access to all the router’s information. Meanwhile, five of the routers had been fully factory reset and wiped of all data. Two of the routers were encrypted, one was dead, and one was a mirror copy of another device, Wired noted.

Recommended Videos

The information ESET researchers were able to collect from the nine unprotected routers includes “credentials for the organization’s VPN, credentials for another secure network communication service, and hashed root administrator passwords.”

Eight of the unprotected routers included “router-to-router authentication keys” with “information about how the router connected to specific applications used by the previous owner.” Four routers included “credentials for connecting to the networks of other organizations, such as trusted partners, collaborators, or other third parties.” Three devices hosted details of how one could “connect as a third party to the previous owner’s network,” while two held customer data, according to the study.

ESET also noted that all nine unprotected routers included enough data for the researchers to figure out to which organizations they previously belonged.

The researchers noted how much of a security risk these routers being so easily accessible is because of the prevalence of cybercriminals and state-backed hackers. The routers can simply be purchased at a discount online because they are secondhand, and bad actors can potentially scan devices for valuable corporate information they can sell on the dark web and then simply resell the router again. The researchers said they hesitated to release their findings, but ultimately decided that awareness was the better option.

The ESET team told Wired they have done their diligence to contact and warn the prior owners of the nature of their routers, with some grateful for the update. Meanwhile, others appeared to ignore the warnings or not cooperate.

Fionna Agomuoh
Fionna Agomuoh is a Computing Writer at Digital Trends. She covers a range of topics in the computing space, including…
Microsoft wants Windows 11 and your phone to become best friends
Microsoft's latest plans reportedly focus on making the PC and smartphone experience feel seamless.
Windows 11 PC with Android Phone

For years, Phone Link has felt like that one app everyone knows exists but rarely remembers to open. Microsoft apparently wants to change that. According to a report from Windows Central, the company is working on a major overhaul of how smartphones integrate with Windows 11, making phones feel like a native part of the operating system instead of something users access through a separate app.

Phone Link is coming out of hiding

Read more
What are Copilot+ PCs? Everything you need to know
Copilot

Walk through a laptop aisle in 2026 and the Copilot+ PC branding is highlight for most Windows laptops. From Microsoft's own surface to other PC makers like Samsung, HP, and Dell, you can find notebooks that carry this badge to convey that they are AI-ready. At a glance, the name sounds like it refers to a computer with a better version of the Copilot chatbot, which only explains a small part of it.

A Copilot+ PC is a Windows 11 computer that meets Microsoft’s hardware standard for advanced on-device AI features like a compatible processor with a dedicated NPU. You also need a certain amount of RAM and storage, all of which brings access to Windows features such as Recall, Click to Do, and much more. Many of these experiences use the NPU to process information locally, reducing their reliance on cloud servers and helping them run more efficiently in the background.

Read more
ASUS expands its ProArt lineup with a compact keyboard and a smart creator mouse
The new ProArt KD300 and MD301 are designed to make life easier for designers, editors, and creators.
ASUS ProArt Keyboard KD300 and ProArt Mouse MD301

Creators have long had plenty of powerful laptops and monitors to choose from. Keyboards and mice? Not so much. ASUS is looking to change that with the expansion of its ProArt accessory lineup. Leading the announcement is the new ProArt Keyboard KD300, a compact low-profile keyboard that's designed to work alongside the ProArt Mouse MD301, giving creators a matching desktop setup built specifically for productivity instead of gaming.

A compact keyboard that doesn't sacrifice functionality

Read more