Category: General|Dec 21, 2019 | Author: Admin

Buffer Overflow Exploit Discovered That Overwrites Admin Password of TP-Link Archer Routers

Share on

A serious security bug affected numerous TP-Link routers. The vulnerability in TP-Link Archer routers could allow a potential attacker to remotely take over the device.

TP-Link Archer Routers vulnerability Researchers discovered a serious security vulnerability in TP-Link Archer routers.

Exploiting the vulnerability could allow a remote attacker to take complete control of the router.

Elaborating on the bug, Grzegorz Wypych, from IBM X-Force Red team, said that the firmware bug affected both home and business routers.

To exploit the bug, an attacker merely had to send an HTTP request including a character string longer than the allowed number.

As a result, the user password would become void. As stated in their blog post,

At first, we tried to send a shorter string, with only a few bytes.

This short string went through and corrupted the password file.

The result is that the user would not be able to log in, and nor would the attacker… Next, we tried sending through a password longer than the allowed number of characters.

This time, the password was voided altogether, and the value was now empty.

Consequently, the researchers could gain access to FTP and TELNET with only the username ‘admin’ without any password.

This way, an attacker could not only take over the router but would also lock out the legitimate user from using the device.

Patches Rolled Out Following the report, TP-Link acknowledged the vulnerability with CVE number CVE-2019-7405.

The bug primarily affected router models Archer C5 V4, Archer MR200v4, Archer MR6400v4, and Archer MR400v3.

TP-Link has issued patches for the firmware. Users of vulnerable routers must ensure installing the latest updates to ensure they are protected.

Recently, researchers also discovered a critical command execution bug in D-Link routers, which the vendors refused to patch. Let us know your thoughts in the comments.

Sponsored Ads:

Comments:


Had to crisis-postpone new 5G standard in the US to avoid plane chaos

Category: IT|Jan 20, 2022 | Author: Admin

No one found out that the iPhone 13 is missing this until now

Category: Apple|Jan 19, 2022 | Author: Admin

Safari leaks your browser history

Category: General|Jan 18, 2022 | Author: Admin

Chromium Trouble - Can't change default search engine anymore

Category: Google|Jan 17, 2022 | Author: Admin

Here, developers are allowed by Apple to offer alternative payment methods

Category: Apple|Jan 16, 2022 | Author: Admin

Microsoft refuses to correct the error - took matters into its own hands

Category: Microsoft|Jan 15, 2022 | Author: Admin

Now Meta gets the authorities on its neck, again

Category: General|Jan 14, 2022 | Author: Admin

Has invested heavily in podcasts - now Spotify is closing down the studio

Category: General|Jan 13, 2022 | Author: Admin

Claims HomePod mini is on its way to Norway

Category: General|Jan 12, 2022 | Author: Admin

Linux gets the function everyone wants

Category: IT|Jan 11, 2022 | Author: Admin

Flasher RTX 3080 Ti with 3090 BIOS for extra efficient Ethereum mining

Category: General|Jan 10, 2022 | Author: Admin

Dice continues to destroy for himself: removed favorite from Battlefield 2042

Category: General|Jan 9, 2022 | Author: Admin

NBN Co applies fix to get hundreds of Sky Muster satellite services back online

Category: IT|Jan 8, 2022 | Author: Admin

You can trick Windows 11's new media player

Category: Microsoft|Jan 7, 2022 | Author: Admin

Intel Core i9 is faster than M1 Max

Category: General|Jan 6, 2022 | Author: Admin
more