Get Started
Contact us

If you found this blog post interesting you might also enjoy our regular series of webinars about practical ways to improve the security of people working outside the office.

Upcoming Webinars →

Staff no longer connect only from the office. They access systems from homes, hotels, serviced offices and client sites. These places sit outside IT’s control and are known as the uncontrolled network edge. While flexible working improves productivity, it also increases risk.

The biggest weak point at this edge is often overlooked: router firmware. Commercial routers are shipped with pre-installed software that may contain hidden flaws. Attackers exploit these flaws to gain access and, once inside, other security layers such as VPNs or firewalls cannot prevent them from moving further.

Firmware Risks at the Uncontrolled Network Edge

Firmware acts as the operating system of a router. It manages how traffic is handled, authenticated and routed. If the firmware is insecure, attackers can:

  • Gain administrative access to the router
  • Intercept or redirect network traffic
  • Create persistent backdoors that survive resets
  • Use the compromised router to launch further attacks

These risks are magnified at the uncontrolled edge where IT teams cannot patch or monitor devices directly. Staff may share their network with family members, housemates, guests or strangers in hotels and serviced offices. All of this creates opportunities for attackers.

Real-World Vulnerabilities

There are no shortage of examples where router firmware has been exploited at scale:

  • TP-Link flaws allowed attackers to take over routers remotely.
  • DrayTek vulnerabilities enabled hijacking of remote management features.
  • Netgear Orbi and ASUS backdoors gave attackers persistent access even after users attempted to reset devices.
  • Mirai malware recruited thousands of insecure routers into botnets to launch global denial-of-service attacks.

These incidents show how consumer-grade routers, left unmanaged, become easy targets. For staff connecting to company systems, it means attackers could sit invisibly between their device and the corporate network.

Why VPNs and Firewalls Cannot Fix Firmware Risks

It is tempting to think of a VPN or firewall as a solution. Both have their place, but neither fixes weaknesses in router firmware.

  • VPN encrypts traffic so outsiders cannot snoop, but it does not prevent a compromised router from manipulating or diverting that traffic.
  • firewall can filter harmful connections, but if the router itself has already been compromised, attackers can route around it or conceal their activity.

When the foundation is insecure, higher-level protections are undermined. This is why the uncontrolled network edge is such an attractive target.

Examples of Risk at the Edge

Consider the following everyday situations:

  • Home network: A staff member logs into dashboards from the kitchen table. The home router has not had a firmware update in years, and their child’s gaming laptop is already infected with malware. Both business and personal traffic are flowing through the same device.
  • Hotel Wi-Fi: A project manager connects from a hotel room to review financial data. The hotel’s router is outdated and shared by hundreds of guests. Attackers can easily exploit its flaws to gain a foothold.
  • Serviced office: A solicitor uses a shared office connection to access case files. The router is managed by the office provider and has not been patched. Attackers scanning the internet for exposed routers can break in remotely.
  • Client site: A consultant signs into internal systems from a client’s office. The business has no visibility of the client’s infrastructure, yet its own data flows through it.

In all of these cases, VPNs and firewalls are still useful, but they cannot secure the router itself. That is why firmware control is critical.

How Loxada Solves the Firmware Problem

Loxada takes a different approach. Instead of trusting whatever router staff happen to use, we supply managed routers and replace all factory firmware with our own hardened, secure alternative.

This process strips the device back to bare metal. No trace of the original software remains. Even if a user performs a factory reset, the device returns to its secure state, free of hidden vulnerabilities.

Loxada’s custom firmware provides:

  • Automatic updates so devices stay patched without staff involvement
  • Separation of traffic ensuring business systems are isolated from personal devices
  • Centralised management giving IT teams visibility and control over routers at the edge
  • Reliability for sensitive use cases such as healthcare and legal sectors where compliance is vital

The result is a secure on-ramp that transforms uncontrolled environments into safe, managed access points.

Closing the Blind Spot

Firmware exploits are increasing. Attackers know routers are often the weakest link and are now creating persistent threats that survive normal updates. The ASUS backdoor campaign, for example, planted lasting access that remained even after patches were applied.

Loxada closes this blind spot. By taking complete control of the firmware, we eliminate any hidden backdoors. Staff working from homes, hotels or other external networks can connect with confidence, knowing the entry point is hardened and under central control.

Why This Matters

The uncontrolled network edge is here to stay. Even organisations with strict office policies have staff logging in from home in the evenings, checking systems at weekends or connecting while travelling. Every one of these connections passes through a router that may be insecure.

Ignoring this reality leaves companies exposed. Attackers scan the internet for weak routers and exploit them automatically. Once they have a foothold, they can move laterally and cause damage long before IT teams notice.

By deploying secure, managed routers with custom firmware, organisations take control of the uncontrolled edge. They reduce risk, protect sensitive systems, and simplify compliance with frameworks such as GDPR, PCI DSS and NIS2.

The Bottom Line

Router firmware is often invisible to staff and overlooked by IT teams, yet it represents a major vulnerability. A compromised router can undermine every other security control.

Loxada addresses this by stripping routers back to bare metal and installing secure custom firmware that is patched, managed and tamper-resistant. Even in uncontrolled environments such as homes, hotels, serviced offices and client sites, staff gain a secure on-ramp into company systems.

It is the most effective way to close a hidden gap and ensure that business access does not begin in a compromised state.

Recent Posts

If you found this blog post interesting you might also enjoy our regular series of webinars about practical ways to improve the security of people working outside the office.

Upcoming Webinars →