185,000 TP-Link routers vulnerable to remote code execution with no patch available

Posted 27 April 2018 23:04 CET by Jan Willem Aldershoff

More than 185,000 TP-Link routers connected to the internet are affected by a critical vulnerability for which no patch is available yet. The vulnerability allows an attacker to execute code remotely on the device.

The affected TP-Link router is the TL-WR740N, which suffers from the same vulnerability that was found in the TP-Link TL-WR940N router last year. Both vulnerabilities were discovered by security researcher Tim Carrington from the security company Fidus. While the issue for the TP-Link TL-WR940N was fixed within a week, for the TL-WR740N no patch has been released yet.

Carrington found the issue in the WR740N when he was searching for “targets to do some research”. The TL-WR740N is older than the TL-WR940N and hasn’t received any updates for years. When analyzing the source code, Carrington discovered that the WR740N contained the exact same vulnerabilities as the WR940N. He wrote some software to compare the code from both routers and found that they suffer from the same vulnerabilities. That is possible because both devices share similar or identical source code, which is a “huge problem in the IoT industry”, according to Carrington.

In January this year, Carrington reported the vulnerabilities to TP-Link, expecting the company to fix the issues quickly because of the similarities in the source code. In March, TP-Link told Carrington it had developed a firmware update, but so far it hasn’t been made available. This led Carrington to disclose his findings and to publish a proof-of-concept to exploit the vulnerability.

“Until a fix has eventually been released by TP-Link (No idea when this will be..) ensure your router is using a strong password and you’ve changed default credentials,” Carrington warns owners of a TP-Link TL-WR740N.

