Overview
- NetRise examined firmware for 24 models across six vendors and found only four had ever been patched, with 13 still-supported devices and seven end-of-life products remaining vulnerable.
- In lab tests, the WPS PIN was recovered in 1–2 seconds after capturing a single WPS handshake, enabling rapid unauthorized Wi‑Fi access within radio range.
- The firm attributes the persistence to firmware supply‑chain failures, including reused insecure components, vague advisories, and insecure defaults that carry across product lines.
- Some products present WPS as disabled in the user interface yet keep it exploitable at the firmware level, leaving quiet exposure in branch, retail, and healthcare settings.
- NetRise reported vulnerable releases appearing an average of 7.7 years after the 2014 disclosure and fixes roughly 9.6 years later, as CISA separately warns of in‑the‑wild exploitation of older TP‑Link router flaws.