Home routers and APs provide a web administration panel to configure the devices that are usually not accessible from the Internet but only from the local network.

A security aspect that may seem atomic, but that is often not considered important enough, is default authentication credentials.

It is a common practice not to change the default usernames and passwords to access the AP administration interface and many models come preconfigured with the puny credentials such as admin/admin. On the Web, lists of models of APs and routers with the relative default credentials are available. Even when default credentials are modified, weak passwords are often chosen.

This is a severe security issue because if an attacker ...