Patches released by TP-Link to address this issue in their firmware appear in the closing section of this blog. The release of this post follows a responsible disclosure process with TP-Link and is designed to help users and defenders take action to mitigate the risk to these devices. If placed on the enterprise network, a compromised router can become a point of entry to an attacker, and a place to pivot from in recon and lateral movement tactics. The risk is greater on business networks where routers such as this can be used to enable guest Wi-Fi. This flaw is considered critical since it can grant an unauthorized third-party access to the router with admin privileges, which are the default on this device for all users, without proper authentication taking place. If exploited, this router vulnerability can allow a remote attacker to take control of the router’s configuration via Telnet on the local area network (LAN) and connect to a File Transfer Protocol (FTP) server through the LAN or wide area network (WAN). This is a zero-day flaw that was not previously reported and can affect both home and business environments. In this post, IBM X-Force Red‘s Grzegorz Wypych (aka describes a firmware vulnerability we found in TP-Link Archer C5 (v4) routers. Yet although they are so essential to our connection to the world, they are one of the least secure devices we use on a daily basis. Internet routers, an omnipresent device connecting us to work, services and leisure, have become an integral part of every home, business and public place. Please see links to patches at the end of this post and patch with priority. The issue has been reported as CVE-2017-7405 and issued patches by TP-Link. This blog post gives details about a zero-day vulnerability in TP-Link Archer C5 v4 routers that run firmware version 3.16.0 0.9.1 v600c.0 Build 180124 Rel.28919n.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |