Home routers targeted again/still

Yeah, those things had pretty good specs when they were first released in 2014 (1GHz dual core CPU, 256MB RAM, gigabit ports), which made them a very popular choice for installing third party firmware. I first bought a refurb one for cheap in 2018, ran it 24x7x365 for 5+ years, and when it finally took a dump I replaced it with another refurb one. With Fresh Tomato, it was one of my favorite home routers of all time.

And Fresh Tomato is still actively being developed/updated. Latest release is 2/15/2026.
Inspired by this thread, I dug up two of my old routers (Netgear R7000 and Asus RT-N66U) and upgraded them both to the latest version of FreshTomato, to be used for temporary backup purposes, in case my UDM SE takes an unexpected dump. I'll use one as a router and the other as an AP.

Sadly, if UDM SE is down, I wouldn't be able to use any of my Unifi APs, unless I unadopt them and readopt them on a standalone Unifi Network Server, which I could do, but even that would only be a partial fix since my cameras wouldn't work right either. Anyway, the old routers should hold me over until I get another Unifi gateway.

R7000 seems to be the most popular router running Tomato:
https://anon.freshtomato.org/

Does fresh tomato automatically update? As we know all routers have flaws that get exposed.
The last update to a security flaw was 4/15/2025
https://app.opencve.io/cve/?vendor=freshtomato
 
Does fresh tomato automatically update?
As far as I know, it does not, and that's by design. It's firmware for the nerds, with a ton of functionality that gets changed/updated often, so the developers don't want to force it onto you until you've had a chance to comprehend the changes. Some updates are very major, advising to wipe NVRAM and reconfigure from scratch, so it isn't exactly for a typical user who wants to set it and forget it.

As we know all routers have flaws that get exposed.
The last update to a security flaw was 4/15/2025
https://app.opencve.io/cve/?vendor=freshtomato
That seems to be outdated info.

Latest release was 2/15/2026 and addressed many CVEs:
https://github.com/FreshTomato-Project/freshtomato-arm/blob/arm-master/CHANGELOG

They typically release a new version every quarter.
 
How? ISPs do not know what CPE sits behind the modem.
Their security toolset would tell them where malicious traffic was coming from on their network. IOCs (Indicators of compromise) would be present.

That said, as you imply, it would not be immediately evident which device behind the router, or the router itself, was compromised.
 
Just because they supply A router doesn't mean it needs to be your internal router.
If an ISP supplies your router I'd strongly expect them to be responsible for its maintenance; especially if it's rented. I would have massive issues with my ISP having even read-only access to my router's configuration, much less write-capable access!
 
If an ISP supplies your router I'd strongly expect them to be responsible for its maintenance; especially if it's rented. I would have massive issues with my ISP having even read-only access to my router's configuration, much less write-capable access!

I'm always going to route my own packets between my internal networks. If I'm forced to use an on-prem ISP router, I'll just plug my router in to it. They can manage their router as they see fit. I'll manage my own.

The ISP is going to route your packets one way or the other.
 
The simplest way to get better quality would be to introduce some level of liability on manufacturers. If they could be sued for damages for a period of years, then they would have an incentive to maintain their code.
And even that won't work - the LCR teams can come up with legalese to absolve the manufacturers outside of arbitration. Corporate devices (more so SonicWall and Fortinet) get breached all the time. For the consumer, it's still important to keep firmware up to date, but corporations are still big targets for botnets launched from consumer devices.
 
"their" router cost $7-10 a month to "rent".
Easy profit for the cable companies and the telcos (DSL is on its last legs, hence why AT&T is handing out gateways for xDSL but makes you pay for one on their fiber networks - if you have fixed wireless, gateway rental is rolled into your monthly fee).

Comcast and Charter have to roll out firmware updates regularly for their gateways - there are two pieces to that: DOCSIS and router firmware. And while Arris (Commscope, formerly Motorola's General Instrument/Jerrold division) and Scientific-Atlanta (formerly Cisco CPE) have merged into Vantiva (formerly Technicolor), there are a few Taiwanese CPE vendors who also supply ODM to the cable companies. While the cable modem side is stable with Broadcom or MaxLinear, the router/AP side is using Taiwanese IP/SoCs from Realtek or Mediatek - and they have to keep multiple firmware and provisioning files on their headends. They'll let their customers know they need a new gateway/modem if that model is no longer supported.