From securityaffairs.com
ESET researchers purchased a few used routers to set up a test environment and made a shocking discovery, in many cases, previously used configurations had not been wiped.
The experts pointed out that the data they found on the devices could be used to identify the prior owners, this information can be used by threat actors to breach their networks.
“Results reported here show that a majority of the secondary market core routers sampled contained recoverable configuration data from their previous deployments, replete with sensitive, and even confidential, data. This allowed ESET researchers to identify devices previously used in a data center/ cloud computing business (specifically, a router provisioning a university’s virtualized assets), a nationwide US law firm, manufacturing and tech companies, a creative firm, and a major Silicon Valleybased software developer, among others.” reads the report published by ESET.