When your ISP comes out to set up service, they hand you a router — usually one they own, manage, and can access remotely whenever they want. It's designed to be cheap to manufacture, easy for their technicians to support, and convenient for their network management. Your security is not a design consideration.
THE PROBLEMS WITH ISP-PROVIDED ROUTERS
There are several fundamental issues with using your ISP's router as your primary network device:
- Remote access by default — ISPs frequently maintain remote management access to equipment they own. That access exists whether you know about it or not, and it represents a connection to your network you didn't authorize and can't fully audit.
- Infrequent or no firmware updates — ISP-managed devices may get updates pushed to them, or they may not. You generally have no control over the update schedule and no visibility into what changed.
- Lowest-bid hardware — ISP routers are procured in bulk at the lowest cost. The security features are minimal. Firewall capabilities are basic. Advanced options like VLAN segmentation, proper logging, or detailed access control simply don't exist.
- Shared vulnerabilities at scale — When millions of customers have the same router model with the same firmware, a single vulnerability affects them all simultaneously. Attackers know exactly what to look for.
- Default credentials are often standardized — ISPs sometimes use the same admin passwords across device batches, making credential databases trivially easy to build.
⚠️ In several documented cases, ISP routers have been found to have hardcoded backdoor accounts — access methods that exist in the firmware regardless of what password you set on the user-facing admin panel.
WHAT TO DO ABOUT IT
The straightforward solution: put your own router behind the ISP device, or replace it entirely.
Put the ISP device in bridge/passthrough mode
If you can't replace it, configure the ISP device to pass through the connection to your own router. Your router handles all the actual routing and firewall work; the ISP device just handles the physical connection.
Use a purpose-built router with proper firmware
Options like pfSense, OPNsense, or quality consumer routers running OpenWRT give you actual control over your network — logging, access control, VLAN segmentation, and regular security updates.
Disable remote management on the ISP device
If you must use the ISP device directly, log into it and disable any remote management options you find. This limits — though doesn't eliminate — the ISP's access to your network.
Segment your network properly
IoT devices, cameras, and guest devices should be on separate network segments from your computers and sensitive devices. A basic ISP router can't do this. A proper router can.
✅ The single biggest upgrade most home and small business networks can make is replacing the ISP combo unit with a proper router running updated firmware. The difference in control and visibility is substantial.
Not sure what router setup is right for your situation? We design and configure home and business networks throughout Santa Clarita and the San Fernando Valley — built right from day one. Contact us today.