Over 185,000 TP-Link routers vulnerable to remote code execution (again) with no patch available
Well over 185,000 TP-Link routers that are connected to the internet have a critical vulnerability, for which no patch is available yet. The vulnerability allows an attacker to execute code remotely on the device.
The routers affected are the TL-WR740N, which suffers from the same vulnerability that was found in theTP-Link TL-WR940N router last year. Both vulnerabilities were discovered by security researcher Tim Carrington from the security company Fidus. While the issue for the TP-Link TL-WR940N was fixed within a week, for the TL-WR740N no patch has been released yet, reports myce:
Carrington found the issue in the WR740N when he was searching for “targets to do some research”. The TL-WR740N is older than the TL-WR940N and hasn’t received any updates for years. When analyzing the source code, Carrington discovered that the WR740N contained the exact same vulnerabilities as the WR940N. He wrote some software to compare the code from both routers and found that they suffer from the same vulnerabilities. That is possible because both devices share similar or identical source code, which is a “huge problem in the IoT industry”, according to Carrington.
In January this year, Carrington reported the vulnerabilities to TP-Link, thinking the company would fix the issues quickly because of the similarities in the source code. In March TP-Link told Carrington it had developed a firmware update, but so far it hasn’t been made available. This made Carrington decide to disclose his findings and to publish a proof-of-concept to exploit the vulnerability.
“Until a fix has eventually been released by TP-Link (No idea when this will be..) ensure your router is using a strong password and you’ve changed default credentials,” Carrington warns owners of a TP-Link TL-WR740N.
Senior Member
Posts: 7032
Joined: 2010-08-28
I recently switched to Xwrt on my Netgear R7000, best move i ever made.
Getting a much better WiFi signal and the UI is a lot faster and cleaner.
Senior Member
Posts: 11825
Joined: 2011-12-31
I was looking into LEDE/OpenWRT recently for my old linksys but there's too little setup instructions. I saw on yt some videos and they all involved making vlans or whatever for wifi ... too complicated :p
Wifi drivers are almost universally bad lol. I did buy a tp link wireless adapter last year and I am using a generic broadcom driver from windows update catalog (it won't show up normally in wu). Station drivers versions all caused bsod's and the one on tp's site didn't always connect to my wifi automatically on start up.
Senior Member
Posts: 11705
Joined: 2012-07-20
I recently switched to Xwrt on my Netgear R7000, best move i ever made.
Getting a much better WiFi signal and the UI is a lot faster and cleaner.
Well, I have old router. WAN 1Gbps, 4xLAN each 100Mbps, WLan 2,4GHz 54Mbps.
Installed with all special features disabled (Firewall, UI, shares, ...)
Configured to make WAN,LAN,WLAN as one network. So, router does not have IP address on any of "ports/interfaces", just MACs.
Basically works as switch for WAN - LAN - WLAN. No way to connect to this router anymore via WAN,LAN,WLAN. Configuration possible only via internal connector and "USB TTL UART CP2102" + putty

I did this as perfect LAN party extension for mobile devices, as this puts them into same logical network.
Senior Member
Posts: 256
Joined: 2007-07-25
ahem
https://www.engadget.com/2016/02/23/asus-ftc-settlement-router
https://www.ctrl.blog/entry/review-asuswrt
Senior Member
Posts: 11705
Joined: 2012-07-20
Most of their routers can run OpenWRT. That's best option for them anyway. I have it on my old one too. (Now sitting in storage, but ready in case of need.)