{"id":"https://openalex.org/W4387628496","doi":"https://doi.org/10.1145/3617072.3617110","title":"But is it exploitable? Exploring how Router Vendors Manage and Patch Security Vulnerabilities in Consumer-Grade Routers","display_name":"But is it exploitable? Exploring how Router Vendors Manage and Patch Security Vulnerabilities in Consumer-Grade Routers","publication_year":2023,"publication_date":"2023-10-13","ids":{"openalex":"https://openalex.org/W4387628496","doi":"https://doi.org/10.1145/3617072.3617110"},"language":"en","primary_location":{"id":"doi:10.1145/3617072.3617110","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3617072.3617110","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2023 European Symposium on Usable Security","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://discovery.ucl.ac.uk/10179797/1/Security_Vulnerabilities_in_Routers___euroUSEC_2023.pdf","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5061560936","display_name":"George Chalhoub","orcid":"https://orcid.org/0000-0003-2082-2610"},"institutions":[{"id":"https://openalex.org/I40120149","display_name":"University of Oxford","ror":"https://ror.org/052gg0110","country_code":"GB","type":"education","lineage":["https://openalex.org/I40120149"]}],"countries":["GB"],"is_corresponding":false,"raw_author_name":"George Chalhoub","raw_affiliation_strings":["Department of Computer Science, University of Oxford, United Kingdom"],"raw_orcid":"https://orcid.org/0000-0003-2082-2610","affiliations":[{"raw_affiliation_string":"Department of Computer Science, University of Oxford, United Kingdom","institution_ids":["https://openalex.org/I40120149"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5087547134","display_name":"Andrew Martin","orcid":"https://orcid.org/0000-0002-8236-980X"},"institutions":[{"id":"https://openalex.org/I40120149","display_name":"University of Oxford","ror":"https://ror.org/052gg0110","country_code":"GB","type":"education","lineage":["https://openalex.org/I40120149"]}],"countries":["GB"],"is_corresponding":false,"raw_author_name":"Andrew Martin","raw_affiliation_strings":["Department of Computer Science, University of Oxford, United Kingdom"],"raw_orcid":"https://orcid.org/0000-0002-8236-980X","affiliations":[{"raw_affiliation_string":"Department of Computer Science, University of Oxford, United Kingdom","institution_ids":["https://openalex.org/I40120149"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":2,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":0.9238,"has_fulltext":true,"cited_by_count":5,"citation_normalized_percentile":{"value":0.74984524,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":90,"max":98},"biblio":{"volume":null,"issue":null,"first_page":"277","last_page":"295"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":0.9991999864578247,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.7767295837402344},{"id":"https://openalex.org/keywords/router","display_name":"Router","score":0.766478419303894},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.6024412512779236},{"id":"https://openalex.org/keywords/internet-privacy","display_name":"Internet privacy","score":0.4950498640537262},{"id":"https://openalex.org/keywords/gateway","display_name":"Gateway (web page)","score":0.491389662027359},{"id":"https://openalex.org/keywords/computer-network","display_name":"Computer network","score":0.47396060824394226},{"id":"https://openalex.org/keywords/network-security","display_name":"Network security","score":0.44950070977211},{"id":"https://openalex.org/keywords/the-internet","display_name":"The Internet","score":0.4477161467075348},{"id":"https://openalex.org/keywords/business","display_name":"Business","score":0.3618715703487396},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.14181122183799744}],"concepts":[{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.7767295837402344},{"id":"https://openalex.org/C2775896111","wikidata":"https://www.wikidata.org/wiki/Q642560","display_name":"Router","level":2,"score":0.766478419303894},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6024412512779236},{"id":"https://openalex.org/C108827166","wikidata":"https://www.wikidata.org/wiki/Q175975","display_name":"Internet privacy","level":1,"score":0.4950498640537262},{"id":"https://openalex.org/C2777710495","wikidata":"https://www.wikidata.org/wiki/Q5527195","display_name":"Gateway (web page)","level":2,"score":0.491389662027359},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.47396060824394226},{"id":"https://openalex.org/C182590292","wikidata":"https://www.wikidata.org/wiki/Q989632","display_name":"Network security","level":2,"score":0.44950070977211},{"id":"https://openalex.org/C110875604","wikidata":"https://www.wikidata.org/wiki/Q75","display_name":"The Internet","level":2,"score":0.4477161467075348},{"id":"https://openalex.org/C144133560","wikidata":"https://www.wikidata.org/wiki/Q4830453","display_name":"Business","level":0,"score":0.3618715703487396},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.14181122183799744}],"mesh":[],"locations_count":4,"locations":[{"id":"doi:10.1145/3617072.3617110","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3617072.3617110","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2023 European Symposium on Usable Security","raw_type":"proceedings-article"},{"id":"pmh:oai:eprints.ucl.ac.uk.OAI2:10179797","is_oa":true,"landing_page_url":"https://discovery.ucl.ac.uk/id/eprint/10179797/","pdf_url":"https://discovery.ucl.ac.uk/10179797/1/Security_Vulnerabilities_in_Routers___euroUSEC_2023.pdf","source":{"id":"https://openalex.org/S4306400024","display_name":"UCL Discovery (University College London)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I45129253","host_organization_name":"University College London","host_organization_lineage":["https://openalex.org/I45129253"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"     In:  Proceedings of the 2023 European Symposium on Usable Security.  (pp. pp. 277-295).  Association for Computing Machinery (ACM): Copenhagen, Denmark. (2023)     ","raw_type":"Proceedings paper"},{"id":"pmh:oai:ora.ox.ac.uk:uuid:a4d372a8-08ac-474f-8962-2f0a04ffe67a","is_oa":false,"landing_page_url":"https://ora.ox.ac.uk/objects/uuid:a4d372a8-08ac-474f-8962-2f0a04ffe67a","pdf_url":null,"source":{"id":"https://openalex.org/S4306402636","display_name":"Oxford University Research Archive (ORA) (University of Oxford)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I40120149","host_organization_name":"University of Oxford","host_organization_lineage":["https://openalex.org/I40120149"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"Symplectic Elements","raw_type":"Conference item"},{"id":"pmh:oai:research-repository.griffith.edu.au:10072/427554","is_oa":false,"landing_page_url":"http://hdl.handle.net/10072/427554","pdf_url":null,"source":{"id":"https://openalex.org/S4306402548","display_name":"Griffith Research Online (Griffith University, Queensland, Australia)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I11701301","host_organization_name":"Griffith University","host_organization_lineage":["https://openalex.org/I11701301"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"","raw_type":"Conference output"}],"best_oa_location":{"id":"pmh:oai:eprints.ucl.ac.uk.OAI2:10179797","is_oa":true,"landing_page_url":"https://discovery.ucl.ac.uk/id/eprint/10179797/","pdf_url":"https://discovery.ucl.ac.uk/10179797/1/Security_Vulnerabilities_in_Routers___euroUSEC_2023.pdf","source":{"id":"https://openalex.org/S4306400024","display_name":"UCL Discovery (University College London)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I45129253","host_organization_name":"University College London","host_organization_lineage":["https://openalex.org/I45129253"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"     In:  Proceedings of the 2023 European Symposium on Usable Security.  (pp. pp. 277-295).  Association for Computing Machinery (ACM): Copenhagen, Denmark. (2023)     ","raw_type":"Proceedings paper"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":true,"grobid_xml":true},"content_urls":{"pdf":"https://content.openalex.org/works/W4387628496.pdf","grobid_xml":"https://content.openalex.org/works/W4387628496.grobid-xml"},"referenced_works_count":44,"referenced_works":["https://openalex.org/W186164078","https://openalex.org/W566876742","https://openalex.org/W615140566","https://openalex.org/W1490011260","https://openalex.org/W1520068592","https://openalex.org/W1615506555","https://openalex.org/W1816035745","https://openalex.org/W1934945143","https://openalex.org/W1978854302","https://openalex.org/W2053154970","https://openalex.org/W2065336436","https://openalex.org/W2066277932","https://openalex.org/W2077721836","https://openalex.org/W2095535242","https://openalex.org/W2102460407","https://openalex.org/W2118445820","https://openalex.org/W2121315148","https://openalex.org/W2121713513","https://openalex.org/W2151591800","https://openalex.org/W2158056865","https://openalex.org/W2293605433","https://openalex.org/W2442330941","https://openalex.org/W2506490502","https://openalex.org/W2508433864","https://openalex.org/W2544622625","https://openalex.org/W2565690877","https://openalex.org/W2610762919","https://openalex.org/W2611145822","https://openalex.org/W2735430671","https://openalex.org/W2766411424","https://openalex.org/W2782926283","https://openalex.org/W2804521551","https://openalex.org/W2889665541","https://openalex.org/W2900640554","https://openalex.org/W2914630606","https://openalex.org/W2951913189","https://openalex.org/W2974889942","https://openalex.org/W2994088948","https://openalex.org/W3003663372","https://openalex.org/W3212502694","https://openalex.org/W4224994457","https://openalex.org/W4250353368","https://openalex.org/W4309617489","https://openalex.org/W4380318178"],"related_works":["https://openalex.org/W2122026593","https://openalex.org/W3123141149","https://openalex.org/W2582203024","https://openalex.org/W2370711413","https://openalex.org/W2375932043","https://openalex.org/W2052038519","https://openalex.org/W4237683758","https://openalex.org/W2369391311","https://openalex.org/W2910762661","https://openalex.org/W2841075164"],"abstract_inverted_index":{"Millions":[0],"of":[1,25,47,62,82],"consumer-grade":[2],"routers":[3,70],"are":[4,12],"vulnerable":[5],"to":[6,50,54],"security":[7,19,76],"attacks.":[8],"Router":[9],"network":[10],"attacks":[11,48],"dangerous":[13],"and":[14,39,59,74],"infections,":[15],"presenting":[16],"a":[17,32],"serious":[18],"threat.":[20],"They":[21],"account":[22],"for":[23],"80%":[24],"infected":[26,36],"devices":[27,38],"in":[28,87],"the":[29],"market,":[30],"posing":[31],"greater":[33],"threat":[34],"than":[35],"IoT":[37],"desktop":[40],"computers.":[41],"Routers":[42],"offer":[43],"an":[44],"attractive":[45],"target":[46],"due":[49],"their":[51,72],"gateway":[52],"function":[53],"home":[55],"networks,":[56],"internet":[57],"accessibility,":[58],"higher":[60],"likelihood":[61],"having":[63],"vulnerabilities.":[64,77],"A":[65],"major":[66],"problem":[67],"with":[68],"these":[69],"is":[71],"unpatched":[73],"unaddressed":[75],"Reports":[78],"show":[79],"that":[80],"30%":[81],"critical":[83],"router":[84],"vulnerabilities":[85],"discovered":[86],"2021":[88],"have":[89],"not":[90],"received":[91],"any":[92],"response":[93],"from":[94],"vendors.":[95],"Why?":[96]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":2},{"year":2024,"cited_by_count":1},{"year":2023,"cited_by_count":1}],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2025-10-10T00:00:00"}