True, but the stock software on any cheap router you buy is also all running as root, assuming that there's even a concept of users, or any other kind of isolation, in the OS it's using.
The standards on that stuff are shockingly low. I mean, think about the stupidest, laziest, most slipshod shit you can imagine, and then be assured that it's worse than that.
... and "small business" routers are only slightly better. Even "enterprise" equipment isn't all that stellar.
Personally, I use real Linux as a router, and a separate WiFi access point behind it that gets as little trust as I can manage.
Yes, but so is having the password check happen on the client-side, which I have seen happen in two different routers' stock firmware I've owned in the past.
The standards on that stuff are shockingly low. I mean, think about the stupidest, laziest, most slipshod shit you can imagine, and then be assured that it's worse than that.
... and "small business" routers are only slightly better. Even "enterprise" equipment isn't all that stellar.
Personally, I use real Linux as a router, and a separate WiFi access point behind it that gets as little trust as I can manage.