It's always Cisco routers. The question might be naïve, but are Cisco routers inherently insecure at this point?
I know Cisco is also the biggest target and it's obvious that consumer routers are less secure, but at this point the amount of backdoors in Cisco routers raises the question if there is another player that has better security.
Honest question: Is it just selective awareness or are Cisco routers not the best option when it comes to security (for higher profile targets)?
The development processes behind Cisco seem to be they do have some great R&D teams in the US, but they outsource the shit out of software development overseas and the quality of work is dubious.
Pepperidge farm remembers when Cisco's fix to a remote code execution CVE on routers was to check for the default `curl` user agent
Cisco did do a good job burying that in search results though, got to give them props, if it isn't stealing material from blackhat presenters by force physically, it's buying PR.
It was a bit of hyperbole. However Cisco is very often mentioned in the context of found exploits if you look for example on The Register or similar IT news and subjectively even more than any other brand. Even if I am totally right about this, it still doesn't mean much in and of itself, so I asked.
Cisco has poor software quality and control when it comes to IOS (Cisco OS not Apple's iOS) implementation that differs based on the end client or customer using their networking devices. This includes small/medium companies, universities, Large enterprise, Internet service providers, Data center, network storage...etc.
Each of the previously mentioned groups have their own implementation and licenses for specific IOS version running inside the network device (whether a Firewall, Router, Switch, or Switch with routing capabilities...etc). It has been long known that Cisco's poor software is due to the hundreds of modules/features they try to support on these devices (you never know which device will receive updates and for how long).
System administrators/Network Engineers alike always complain about the poor quality of Cisco's Software[1][2]
I think Cisco has the highest marketshare in terms of commercial routers, and probably a higher percentage of use in areas that might be of state actor interest. If you have a WatchGuard for example there may be the same amount of vulnerabilities but less incentive to find them, and less people looking for breaches after the fact.
I know Cisco is also the biggest target and it's obvious that consumer routers are less secure, but at this point the amount of backdoors in Cisco routers raises the question if there is another player that has better security.
Honest question: Is it just selective awareness or are Cisco routers not the best option when it comes to security (for higher profile targets)?
edit: replace "a bad" with "not the best"