Widespread router flaw lets attackers reach home cameras and smart locks, experts warn
A newly reported class of router vulnerabilities is giving attackers a simple path into home networks, allowing them to remotely run commands on routers, change DNS settings and then pivot to devices such as surveillance cameras and smart locks. Security teams say the problem is not limited to one vendor and that patches are already available for some affected models, but many households remain exposed.
What researchers found
Security researchers have documented remote command injection and authentication bypass flaws that let an unauthenticated actor execute operating system-level commands on vulnerable routers. When abused, those flaws let attackers overwrite network settings or install backdoors that persist after a reboot, which in turn opens the local network to further compromise. Vendors including Zyxel and others issued advisories and firmware updates after the issues were disclosed. The highest severity ratings reported by researchers reached 9.8 out of 10.
Exploitation in the wild
Incidents tying router flaws to real-world attacks have already been observed. In recent months researchers have seen campaigns that use known router vulnerabilities to build botnets and to redirect user traffic so credentials and tokens can be harvested from downstream devices and cloud services. At least one Mirai-derived campaign and state-linked operations have been tracked leveraging exposed routers to expand access into home networks and to capture plain-text credentials. Active exploitation is not hypothetical - it has been documented on multiple fronts.
Why cameras and locks are at risk
Once an attacker controls routing or DNS for a home network, internet-facing and local devices alike become reachable. Many IP cameras and smart locks run embedded web servers or mobile-app APIs that trust devices on the local network. Recent disclosures show critical vulnerabilities in camera firmware that allow remote code execution or use of hard-coded cryptographic keys, making these products particularly fragile after a router compromise. The combined effect is that a single exploited router can turn dozens of devices into direct targets.
Who is affected
The exposure is broad. Research and vendor advisories name dozens of small office and home router models across multiple manufacturers. Some high-impact bugs let any device on the local Wi-Fi access the router's admin interface as an administrator, making network segmentation and default-credential practices ineffective if a device is already on the network. Unpatched devices, end-of-life models and routers using default settings are the most likely to be abused.
What to do now
Experts urge immediate steps: install vendor firmware updates, change default passwords, disable UPnP and remote administration, put smart home devices on a separate guest network and enable any available multi-factor authentication for device accounts. For high-risk users, unplugging internet-exposed cameras until firmware is confirmed and replacing unsupported routers are recommended. Security teams also suggest monitoring router logs for unexpected DNS changes or unusual outbound connections. Patching and segmentation reduce the chance that a router flaw becomes a full home takeover.
Vendors say they are issuing fixes and working with researchers to close gaps. Still, the incident underscores a persistent reality of the connected home: routers are the gateway, and when they fail, the whole house can fail with them.