Woody Leonhard's no-bull news, tips and help for Windows, Office and more… Please disable your ad blocker – our (polite!) ads help keep AskWoody going!
Home icon Home icon Home icon Email icon RSS icon
  • TP-Link WiFi Range Extender Vulnerability

    Home Forums Code Red – Security advisories TP-Link WiFi Range Extender Vulnerability

    This topic contains 0 replies, has 1 voice, and was last updated by  Kirsty 3 months ago.

    • Author
      Posts
    • #211023 Reply

      Kirsty
      AskWoody MVP

      From Bad to Worse: Firmware Vulnerability Detection with the Centrifuge Platform
      By Craig Heffner | August 13, 2018

       
      A vulnerability published for the TP-Link WL-WA850RE WiFi Range Extender recently caught our attention and warranted further investigation. It’s a command injection bug, typical for many low-cost consumer embedded systems. It’s a valid bug, allowing a remote attacker complete access to the device, but it requires administrative credentials to exercise the vulnerable code. Using the Centrifuge Platform, we found that there is a much more serious bug that allows a remote attacker to completely control the device even without prior knowledge of the administrative credentials.

      What is particularly worrisome is that these vulnerabilities aren’t limited to attackers with LAN or WLAN access. This vulnerability affects multiple TP-Link products, including many devices that are connected to the Internet and therefore susceptible to remote attack!

       
      … if you own one of these devices, especially if it is remotely accessible from the internet, assume that you’ve been compromised. Either put the device behind a NAT/Firewall or replace the device with one from a more reputable vendor.

       
      Read the full article here

       
      Michael Horowitz has added an explanation on routersecurity.org

      It appears that little, if any, work has been done by either researchers or TP-LInk into whether other devices are affected by these bugs. TP-Link was told of all this but there are, as of now, no patches.

      2 users thanked author for this post.

    Please follow the -Lounge Rules- no personal attacks, no swearing, and politics/religion are relegated to the Rants forum.

    Reply To: TP-Link WiFi Range Extender Vulnerability

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.

    Your information:


    Comments are closed.