Revisiting SOHO Router Attacks


Presented at DeepSec 2015 by

Domestic routers have lately been targeted by cybercrime due to the large number of well-known vulnerabilities that compromise their security. The purpose of this paper is to appraise SOHO router security by auditing a sample of these devices and to research innovative attack vectors. More than 60 previously undisclosed security vulnerabilities have been discovered across 22 popular home routers, meaning that manufacturers and Internet Service Providers still have much work to do on securing these devices. A wide variety of attacks could be carried out by exploiting the different types of vulnerabilities discovered during this research.

Outline of the talk:

1. Introduction. Brief explanation of the main goals of our research.
2. State of the art. Current progress in router security, including previous investigations, cybercrime exploitation and manufacturers' response to previously disclosed vulnerabilities.
3. Common security problems.
   a. Routers provide too many pointless services, which greatly increases the attack surface.
   b. Routers still use default public credentials, which eases attacks.
4. Security flaws. Main part of the presentation, in which the discovered security problems are explained, including the following live demos:
   a. DNS hijacking by exploiting a Cross-Site Request Forgery vulnerability.
   b. Infecting a browser by exploiting an unauthenticated XSS vulnerability through a DHCP Request PDU.
   c. Bypassing authentication in order to download the whole router filesystem (including passwd and configuration files) by exploiting an SMB misconfiguration vulnerability.
   d. Causing a persistent DoS / restoring the router to default settings without requiring any authentication.
5. Developed tools.
6. Mitigations. Security advice for both customers and manufacturers.
7. Results. Graphical explanation of the audit report.
8. Conclusion. Has SOHO router security improved over the last couple of years?
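The two browser-side demos in the outline (DNS hijacking through CSRF, and XSS through a client-supplied DHCP field rendered in the admin UI) both come down to the router's web interface trusting input it should not. The following is an added example written for this page, not code from the talk or from any router vendor: a constructed model of a router admin interface showing the weak handler beside its hardened form. The admin origin, session token scheme, field names and the DHCP hostname are all assumptions; the point is the checks, which are the mitigations a manufacturer would apply.

```python
import hmac
import html
import ipaddress
import secrets
from dataclasses import dataclass, field
from urllib.parse import urlparse

# Constructed model of a SOHO router's admin interface (hypothetical, not any vendor's code).
ADMIN_ORIGIN = "http://192.168.1.1"  # assumed LAN-side admin URL


@dataclass
class Session:
    # Per-login synchronizer token; embedded in every state-changing form by the server.
    csrf_token: str = field(default_factory=lambda: secrets.token_hex(16))


@dataclass
class Router:
    dns_servers: list = field(default_factory=lambda: ["192.168.1.1"])
    dhcp_leases: dict = field(default_factory=dict)  # MAC -> hostname exactly as the client sent it
    session: Session = field(default_factory=Session)

    # --- DNS settings endpoint -------------------------------------------------
    def set_dns_vulnerable(self, form):
        # Weak handler: any request carrying the admin cookie is honoured, so a
        # form auto-submitted by a page on another site (CSRF) rewrites the DNS servers.
        self.dns_servers = [form["dns1"]]
        return 200

    def set_dns_hardened(self, headers, form):
        # Check 1: the request must come from the admin UI itself (Origin, else Referer).
        origin = headers.get("Origin") or headers.get("Referer")
        if origin is None:
            return 403
        p = urlparse(origin)
        if f"{p.scheme}://{p.netloc}" != ADMIN_ORIGIN:
            return 403
        # Check 2: the form must carry the session's synchronizer token; a cross-site
        # page cannot read it. Constant-time comparison avoids timing leaks.
        token = form.get("csrf_token", "")
        if not hmac.compare_digest(token.encode(), self.session.csrf_token.encode()):
            return 403
        # Check 3: validate the value itself before persisting it.
        try:
            ipaddress.ip_address(form["dns1"])
        except (KeyError, ValueError):
            return 400
        self.dns_servers = [form["dns1"]]
        return 200

    # --- DHCP lease table page -------------------------------------------------
    def render_leases_vulnerable(self):
        # Weak renderer: the hostname from the DHCP request is interpolated into HTML
        # untouched, so markup sent by any LAN client executes in the admin's browser.
        rows = "".join(f"<tr><td>{mac}</td><td>{name}</td></tr>"
                       for mac, name in self.dhcp_leases.items())
        return f"<table>{rows}</table>"

    def render_leases_hardened(self):
        # Hardened renderer: every client-controlled field is HTML-escaped on output.
        rows = "".join(f"<tr><td>{html.escape(mac)}</td><td>{html.escape(name)}</td></tr>"
                       for mac, name in self.dhcp_leases.items())
        return f"<table>{rows}</table>"


if __name__ == "__main__":
    r = Router()
    # Constructed cross-site request: admin is logged in, page on another origin posts the form.
    print(r.set_dns_hardened({"Origin": "http://attacker.example"},
                             {"dns1": "198.51.100.53", "csrf_token": "guess"}), r.dns_servers)
    # Constructed DHCP client hostname containing markup.
    r.dhcp_leases["00:11:22:33:44:55"] = "<b>guest</b>"
    print(r.render_leases_hardened())
```

The Origin check alone is not enough on its own (older browsers and some proxies strip it), and the token alone does not help if the page also has an XSS that can read it, which is why the two DNS checks are layered and why output escaping is treated as a separate fix rather than folded into the CSRF one.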