As the FCC moves to block foreign-made routers, new research finds they have, on average, 32 flaws per device, compared to 14 for computers.
Forescout’s 2026 Riskiest Connected Devices report finds that routers now account for roughly a third of the most critical, highly exploitable vulnerabilities across connected networks.
This ranks routers as the riskiest IT device of 2026, according to the researchers.
The analysis is based on a wealth of telemetry from millions of devices observed by Forescout’s Device Cloud during the first week of February.
Rather than focusing on specific brands or vendors, the report examines device types using a risk score based on configuration, functionality, and internet exposure.
Routers also rank highest in terms of exposure, with an average of 32 vulnerabilities per device, compared with around 14 for computers.
On Monday, the FCC announced that it was banning all foreign-made routers over security concerns. In recent years, Chinese-manufactured routers were responsible for several espionage campaigns.
Last year, the Chinese-backed campaign Operation WrtHug hijacked more than 50,000 old or end-of -life ASUS home routers, turning everyday internet devices into components of a covert network.
According to Rik Ferguson, VP Security Intelligence at Forescout, the risk isn’t just where a router is made, it’s the millions already deployed, running outdated software, exposed to the internet and rarely patched.
Adding 'foreign-made consumer-grade routers' to the FCC Covered List blocks 'new' models from getting FCC equipment authorization (and therefore from being imported for sale/use), but it doesn’t magically secure the millions of routers already deployed, many of which will stay in homes and small offices for years."
Rik Ferguson, VP Security Intelligence, Forescout
“That installed base matters because it’s where so many attackers already live, in exposed management interfaces, abusing weak or reused admin creds, and slow patching cycles, or EOL equipment that 'still works,'" he added.
Hackers are targeting middleware
Overall the report findings indicate that, rather than focusing on laptops or smartphones, hackers are increasingly targeting middleware.
Firewalls – which many rely on to protect their traffic – are another device that the report warns is becoming an easy target for hackers, as they “combine exposed management ports, exploitable vulnerabilities (including zero days) and older weaknesses that persist due to outdated firmware.”
“Rarely patched” serial-to-IP converters – which are used to connect older equipment to modern networks – also ranked highly and appeared on Forescout’s list for the first time.
Printers, clocks, and VoIP also ranked “risky”
In the IoT category, Voice over Internet (VoIP) systems ranked as the riskiest device type. These systems are frequently exposed to the internet, misconfigured with unnecessary open ports, and run outdated firmware.
Network video recorders (NVRs), another recurring entry, have been linked to widely exploited vulnerabilities in recent years, including one affecting Hikvision devices that remained among the most exploited in both 2024 and 2025.
Hikvision cameras have been banned for sale in the US by the FCC since 2022.
According to the report, printers are among the devices most commonly running outdated or unsupported firmware and are frequently configured with default credentials.
Time Clocks and RFID readers (which are found on contactless cards, hotel key cards, and office badges) appear on Forescout’s list for the first time.
Have thoughts about this topic? Others do, too. Join them in the discussion.
These are often deployed by third parties and then overlooked, leaving them exposed or poorly segmented.
Elsewhere, the report highlights the vulnerabilities of medical equipment. Medical dispensing systems, medical image printers, and DICOM gateways all appear among the riskiest device types, alongside MRI scanners and healthcare workstations.
Has your password leaked?
Barry Mainz, CEO of Forescout, warned that hackers are now exploiting the data moving inside the network, between devices, rather than going in and out of it.
“Threat actors are exploiting east-west traffic and could target emerging device categories like serial-to-IP converters, medication dispensing systems, and RFID readers.
“These devices serve as softer points of entry to the network due to limited hardening, inconsistent patching, and widespread use of default credentials.”
Unlock more exclusive Cybernews content on YouTube
Your email address will not be published. Required fields are markedmarked