Avast Writes that the Router Is Vulnerable, Infected, Configured Incorrectly

Until recently, I didn’t even know that Avast router scares its users with “scary” warnings regarding their routers. As it turns out, Avast antivirus runs a Wi-Fi router scan. It gives the results that the router is configured incorrectly, the device is vulnerable to attacks, or in general, that the router is infected and infected, and attackers have already intercepted DNS-addresses and successfully redirect you to malicious sites, steal credit card data and in general everything is very bad. All these warnings are of course flavored with dangerous red color and confusing instructions, which even a good expert without beer will not understand. I’m not talking about ordinary users. This is how the problems found on the D-Link DIR-615 router look like:

Avast Internet Security: The device is not properly configured

The device is vulnerable to attack:

Avast: router vulnerable to attack and infected

From the solution options of course updating the router firmware. For what else 🙂 Also Avast may give a message that your router is protected by a weak password, or the router is not protected from hacking.

In some cases, you may see a message that your router is infected and connections are being redirected to a malicious server. Avast Antivirus explains this by saying that your router has been compromised and DNS addresses have been changed to malicious ones. And there are also instructions on how to solve this problem for different routers: ASUS, TP-Link, ZyXEL, D-Link, Huawei, Linksys/Cisco, NETGEAR, Sagem/Sagemco.

Avast: your router is infected

In short, all these recommendations are aimed at checking DNS addresses and DNS-related services. Through which attackers can change DNS on your router and redirect you to their malicious sites. There are detailed instructions on how to check everything on routers from different manufacturers.

How to react to a warning from Avast about a router vulnerability?

I think this question is of interest to everyone. Especially if you’ve come to this page. If you’re wondering how I would react to such warnings from an antivirus, the answer is simple – I wouldn’t. I’m sure that Avast would have found holes in my router too, through which I could be hacked. I just have Dr.Web. It doesn’t do such checks.

Maybe I’m wrong, but no antivirus except Avast does not check Wi-Fi routers to which you are connected for any kind of vulnerabilities. And this feature, which is called Home Network Security, appeared back in 2015. In the Avast 2015 version of the program.

Avast scans your router for security issues with the device. It’s not entirely clear to me how it does this, though. For example, how it checks the same password to enter the router settings. Is it watching the user, or by the method of selection? If it does, the password is bad 🙂 But okay, I’m not a programmer.

Personally, I think that all these warnings are nothing more than simple recommendations to strengthen the protection of your router. It doesn’t mean you’ve already been hacked and someone is stealing your data. What Avast suggests:

  • Set a good password and update your router’s firmware. Otherwise you might get hacked. Ok, that’s pretty obvious. It doesn’t have to be signaled as some scary vulnerability. Though again, it’s not clear to me how antivirus determines that the router software version is out of date. It seems impossible to me.
  • The router is not protected against connections from the internet. Most likely, this warning appears after checking open ports. But by default, the “Access from WAN” feature is disabled on all routers. I doubt very much that someone will hack into your router via the Internet.
  • Well, the worst thing is DNS address spoofing. If any problems with DNS are detected, Avast already writes directly that “Your router is infected!”. But in 99% of cases this is not true. Again, almost always the router automatically receives DNS from the provider. And all features and services through which attackers can somehow spoof DNS are disabled by default. It seems to me that very often the antivirus doesn’t “understand” any user settings correctly.

Somehow. You may disagree with me, of course. It seems to me that it is much easier to access a computer directly, and infect it, than to do it with a router. If we’re talking about an attack over the internet. I would be glad to see your opinion on this in the comments.

How to protect your router and remove the warning from Avast?

Let’s try to deal with each item that is most likely to check Avast and issue warnings.

  • The router is protected with a weak password. There is no encryption. In the first case, the antivirus has a password that must be entered when entering the router settings. As a rule, the default password is admin. Or it is not set at all. And it turns out that everyone who is connected to your network can enter the router settings. Therefore, you need to change this password. How to do this, I wrote in the article: how to change the password on the router from admin to another. As for the Wi-Fi network password, it should also be strong, and should use the WPA2 encryption type. I always write about it in router setup instructions.
  • The router is vulnerable because of old software. This is not entirely true. But, if there is new firmware for your router model, it is advisable to update it. Not only to improve security, but also for more stable operation of the device and new features. We have on our site instructions on how to update the software for routers of different manufacturers. You can find them via search, or ask in the comments. Here are the instructions for TP-Link and for Asus.
  • DNS settings have been changed. The router has been hacked. To be honest, I haven’t seen such cases yet. As I wrote above, all services through which this can happen are disabled by default. Most often the router gets DNS from the provider automatically. The only thing I can advise is not to manually specify DNS addresses you are not sure about. And if you manually specify addresses, it’s better to use only DNS from Google, which are: 8.8.8.8.8 and 8.8.4.4. This is also advised in the Avast recommendations, which can be viewed on the official website: https://help.avast.com/en/ws_android/1/alert_dns_hijack.html. There are detailed instructions on how to solve problems with DNS for almost all routers.

That’s all for now. I hope I managed to explain these warnings in Avast antivirus at least a little bit. Ask questions in the comments, and don’t forget to share useful information on this topic. All the best!

0
Ramón
Programs / Browsers
Similar articles
Netadapter Repair - A Program for Solving Problems with the Internet Connection Netadapter Repair - A Program for Solving Problems with the Internet Connection
How to Clear History, Cache, Browser Opera Browser How to Clear History, Cache, Browser Opera Browser
How to disable PUSH notifications from sites in Opera, Chrome, Mozilla Firefox, Edge? Browser notification management How to disable PUSH notifications from sites in Opera, Chrome, Mozilla Firefox, Edge? Browser notification management
What is tor Browser? How to set up and use it What is tor Browser? How to set up and use it
Ask a question


Leave a Reply

Your email address will not be published. Required fields are marked *

Attach image

New questions and answers
More questions
News
More news
Useful articles