Category: General|Dec 21, 2019 | Author: Admin

Buffer Overflow Exploit Discovered That Overwrites Admin Password of TP-Link Archer Routers

Share on

A serious security bug affected numerous TP-Link routers. The vulnerability in TP-Link Archer routers could allow a potential attacker to remotely take over the device.

TP-Link Archer Routers vulnerability Researchers discovered a serious security vulnerability in TP-Link Archer routers.

Exploiting the vulnerability could allow a remote attacker to take complete control of the router.

Elaborating on the bug, Grzegorz Wypych, from IBM X-Force Red team, said that the firmware bug affected both home and business routers.

To exploit the bug, an attacker merely had to send an HTTP request including a character string longer than the allowed number.

As a result, the user password would become void. As stated in their blog post,

At first, we tried to send a shorter string, with only a few bytes.

This short string went through and corrupted the password file.

The result is that the user would not be able to log in, and nor would the attacker… Next, we tried sending through a password longer than the allowed number of characters.

This time, the password was voided altogether, and the value was now empty.

Consequently, the researchers could gain access to FTP and TELNET with only the username ‘admin’ without any password.

This way, an attacker could not only take over the router but would also lock out the legitimate user from using the device.

Patches Rolled Out Following the report, TP-Link acknowledged the vulnerability with CVE number CVE-2019-7405.

The bug primarily affected router models Archer C5 V4, Archer MR200v4, Archer MR6400v4, and Archer MR400v3.

TP-Link has issued patches for the firmware. Users of vulnerable routers must ensure installing the latest updates to ensure they are protected.

Recently, researchers also discovered a critical command execution bug in D-Link routers, which the vendors refused to patch. Let us know your thoughts in the comments.

Sponsored Ads:

Comments:


Android's underappreciated upgrade advantage

Category: Google|Sep 24, 2021 | Author: Admin

No Electricity? A New Cooling System Uses Sunlight and Saltwater

Category: General|Sep 23, 2021 | Author: Admin

Slack begins rolling out video and audio message ‘clips’

Category: General|Sep 22, 2021 | Author: Admin

Roku's free OS 10.5 lets you dictate passwords, fixes pesky sound lags on headphones

Category: IT|Sep 21, 2021 | Author: Admin

Some good news and some strange news from Apple

Category: Apple|Sep 20, 2021 | Author: Admin

New Windows security updates break network printing

Category: Microsoft|Sep 19, 2021 | Author: Admin

Sent 700tb over 4 km of laser technology

Category: IT|Sep 18, 2021 | Author: Admin

'Massive' transatlantic data cable landed on beach in Bude

Category: Google|Sep 17, 2021 | Author: Admin

YouTube shuts down Discord music bot ‘Rythm’

Category: Google|Sep 16, 2021 | Author: Admin

Facebook's secret rules differentiate between the "elite" and most people

Category: General|Sep 15, 2021 | Author: Admin

Apple suddenly had to crisis-update the iPhone and Mac

Category: Apple|Sep 14, 2021 | Author: Admin

Epic is blocked forever on all Apple platforms

Category: Apple|Sep 13, 2021 | Author: Admin

NVIDIA To Launch GeForce RTX 30 SUPER ‘Ampere Refresh’ In January 2022, GeForce RTX 40 ‘Ada Lovelace’ GPUs in October 2022

Category: General|Sep 12, 2021 | Author: Admin

3 smart shortcuts for a curiously hidden Chrome OS command

Category: Google|Sep 11, 2021 | Author: Admin

iPhone 13 unveiled in Ukraine

Category: Apple|Sep 10, 2021 | Author: Admin
more