Legacy devices accounted for more than half of all hacked targets.
Old routers and network devices, long forgotten by manufacturers, have become prime targets for attacks. Moreover, the problem has expanded far beyond isolated vulnerabilities and has become a persistent trend.
In a new report for 2026, VulnCheck analyzed the exploitation of vulnerabilities in network edge devices and came to a simple conclusion: attackers are massively attacking technology that is no longer supported.
Almost half of all vulnerabilities actively exploited in 2025 affected devices at or near the end of their lifecycles—42.5%. Another 4.4% affected discontinued products. Such devices don't receive updates, meaning they remain open to attack for years.
Botnets are particularly active in attacking legacy devices , accounting for 65% of the vulnerabilities exploited by such networks. This primarily affects common devices for homes and small businesses. Home routers and similar equipment accounted for 56% of all vulnerable edge devices.
The report's chart shows that wireless routers are the most frequently targeted devices, significantly outnumbering corporate solutions like firewalls or network management systems.
The report's authors note that such devices operate for years without firmware updates. Users simply forget about them, and companies often fail to monitor the equipment their employees use to connect from home.
Interestingly, a significant portion of vulnerabilities remains unnoticed by government agencies. Only 23.7% of vulnerabilities discovered in such devices were included in the US Cybersecurity and Infrastructure Security Agency's catalog of known exploitable vulnerabilities.
The reason is simple: many devices are sold outside the US, and patches often no longer exist for older models. Without updates, such vulnerabilities are not included in the official list.
Another characteristic detail is that attackers often begin attacks before a vulnerability is officially identified. In 18 cases, VulnCheck detected exploitation through honeypots and dedicated monitoring systems, and only then assigned CVE numbers to the vulnerabilities.
The geography of manufacturers also plays a role. Mass-market devices that actively use botnets are often produced by Chinese companies. Such products typically have poor support and infrequent security updates. American vendors predominate in the corporate segment, but their solutions are also regularly targeted by attacks.
It's worth noting that the actual scale of the problem may be greater. Manufacturers don't always disclose vulnerabilities, and some attacks simply aren't publicly reported.
The bottom line is simple: the older and cheaper a network device, the higher the chance it has already been hacked or used in attacks. And as long as such devices continue to operate on networks, they remain a convenient entry point for attackers.
Old routers and network devices, long forgotten by manufacturers, have become prime targets for attacks. Moreover, the problem has expanded far beyond isolated vulnerabilities and has become a persistent trend.
In a new report for 2026, VulnCheck analyzed the exploitation of vulnerabilities in network edge devices and came to a simple conclusion: attackers are massively attacking technology that is no longer supported.
Almost half of all vulnerabilities actively exploited in 2025 affected devices at or near the end of their lifecycles—42.5%. Another 4.4% affected discontinued products. Such devices don't receive updates, meaning they remain open to attack for years.
Botnets are particularly active in attacking legacy devices , accounting for 65% of the vulnerabilities exploited by such networks. This primarily affects common devices for homes and small businesses. Home routers and similar equipment accounted for 56% of all vulnerable edge devices.
The report's chart shows that wireless routers are the most frequently targeted devices, significantly outnumbering corporate solutions like firewalls or network management systems.
The report's authors note that such devices operate for years without firmware updates. Users simply forget about them, and companies often fail to monitor the equipment their employees use to connect from home.
Interestingly, a significant portion of vulnerabilities remains unnoticed by government agencies. Only 23.7% of vulnerabilities discovered in such devices were included in the US Cybersecurity and Infrastructure Security Agency's catalog of known exploitable vulnerabilities.
The reason is simple: many devices are sold outside the US, and patches often no longer exist for older models. Without updates, such vulnerabilities are not included in the official list.
Another characteristic detail is that attackers often begin attacks before a vulnerability is officially identified. In 18 cases, VulnCheck detected exploitation through honeypots and dedicated monitoring systems, and only then assigned CVE numbers to the vulnerabilities.
The geography of manufacturers also plays a role. Mass-market devices that actively use botnets are often produced by Chinese companies. Such products typically have poor support and infrequent security updates. American vendors predominate in the corporate segment, but their solutions are also regularly targeted by attacks.
It's worth noting that the actual scale of the problem may be greater. Manufacturers don't always disclose vulnerabilities, and some attacks simply aren't publicly reported.
The bottom line is simple: the older and cheaper a network device, the higher the chance it has already been hacked or used in attacks. And as long as such devices continue to operate on networks, they remain a convenient entry point for attackers.
