Too Long; Didn't Read
A hacker can infiltrate a commercial off-the-shelf router via an IoT exploit to gain control of a network. Using the control gained over the router, the hacker can gain control over additional assets in the internal network. The vulnerability exploited is CVE-2020-10923, reported 28 Jul 2020. It is a stack-based buffer overflow in the software update process. As for security features, ASLR not enabled but stack is not executable. As an organization, security is only as strong as its weakest point. Leaving network devices unmanaged can compromise the entire network.