Guru3D.com
  • HOME
  • NEWS
    • Channels
    • Archive
  • DOWNLOADS
    • New Downloads
    • Categories
    • Archive
  • GAME REVIEWS
  • ARTICLES
    • Rig of the Month
    • Join ROTM
    • PC Buyers Guide
    • Guru3D VGA Charts
    • Editorials
    • Dated content
  • HARDWARE REVIEWS
    • Videocards
    • Processors
    • Audio
    • Motherboards
    • Memory and Flash
    • SSD Storage
    • Chassis
    • Media Players
    • Power Supply
    • Laptop and Mobile
    • Smartphone
    • Networking
    • Keyboard Mouse
    • Cooling
    • Search articles
    • Knowledgebase
    • More Categories
  • FORUMS
  • NEWSLETTER
  • CONTACT

New Reviews
Gigabyte Radeon RX 6700 XT Gaming OC review
Corsair K70 RGB TKL keyboard review
Corsair RM650x (2021) power supply review
be quiet! Silent Loop 2 280mm review
Corsair K55 RGB PRO XT keyboard review
Guru3D Rig of the Month - March 2021
Intel Core i9-11900K processor review
Intel Core i5-11600K processor review
ASUS ROG Maximus XIII HERO review
MSI MEG Z590 ACE review

New Downloads
HWiNFO Download v7.02
Intel HD graphics Driver Download Version: DCH 27.20.100.9316
Guru3D RTSS Rivatuner Statistics Server Download 7.3.1
Corsair Utility Engine Download (iCUE) Download v4.9.350
Quake II RTX Download 1.5.0
GeForce 465.89 WHQL driver download
AIDA64 Download Version 6.33
AMD Radeon Adrenalin Edition 21.3.2 driver download
Display Driver Uninstaller Download version 18.0.3.8
AMD Radeon Adrenalin Edition 21.3.1 driver WHQL download


New Forum Topics
Doom Eternal bad performance Comprehensive benchmarking of NVIDIA's FPS limiters (V1, V2 & V3) vs RTSS vs In-engine Intels Raja Koduri gives sneak peek at Xe-HPG (DG2) gaming GPU in 3DMark Micro stuttering when games are in Fullscreen mode Study reveals Cryptocurrency mining energy consumption in China alone will be higher than Italy in three years Intel Core i5-11600K processor review AMD Radeon Adrenalin Edition 21.3.2 driver download & discussion AMD Radeon Software - UWP - v27.20.21001.7005 NVIDIA CEO Huang to Showcase What's Been Cooking for GTC 2021 Keynote - From His Kitchen Review: Gigabyte Radeon RX 6700 XT Gaming OC




Guru3D.com » News » Over 185,000 TP-Link routers vulnerable to remote code execution (again) with no patch available

Over 185,000 TP-Link routers vulnerable to remote code execution (again) with no patch available

by Hilbert Hagedoorn on: 04/30/2018 08:45 AM | source: | 19 comment(s)
Over 185,000 TP-Link routers vulnerable to remote code execution (again) with no patch available

Well over 185,000 TP-Link routers that are connected to the internet have a critical vulnerability, for which no patch is available yet. The vulnerability allows an attacker to execute code remotely on the device.

The routers affected are the TL-WR740N, which suffers from the same vulnerability that was found in theTP-Link TL-WR940N router last year. Both vulnerabilities were discovered by security researcher Tim Carrington from the security company Fidus. While the issue for the TP-Link TL-WR940N was fixed within a week, for the TL-WR740N no patch has been released yet, reports myce:

Carrington found the issue in the WR740N when he was searching for “targets to do some research”.  The TL-WR740N  is older than the TL-WR940N and hasn’t received any updates for years. When analyzing the source code, Carrington discovered that the WR740N contained the exact same vulnerabilities as the WR940N. He wrote some software to compare the code from both routers and found that they suffer from the same vulnerabilities. That is possible because both devices share similar or identical source code, which is a “huge problem in the IoT industry”, according to Carrington.

 

 

In January this year, Carrington reported the vulnerabilities to TP-Link, thinking the company would fix the issues quickly because of the similarities in the source code. In March TP-Link told Carrington it had developed a firmware update, but so far it hasn’t been made available. This made Carrington decide to disclose his findings and to publish a proof-of-concept to exploit the vulnerability.

“Until a fix has eventually been released by TP-Link (No idea when this will be..) ensure your router is using a strong password and you’ve changed default credentials,” Carrington warns owners of a TP-Link TL-WR740N.



Over 185,000 TP-Link routers vulnerable to remote code execution (again) with no patch available Over 185,000 TP-Link routers vulnerable to remote code execution (again) with no patch available




« EK Offers new X470 series monoblock for Gigabyte X470 AORUS GAMING 7 · Over 185,000 TP-Link routers vulnerable to remote code execution (again) with no patch available · TeamGroup Releases T-Force Delta RGB SSD »

4 pages 1 2 3 4


Fox2232
Senior Member



Posts: 11705
Joined: 2012-07-20

#5542197 Posted on: 04/30/2018 10:57 AM
Most of their routers can run OpenWRT. That's best option for them anyway. I have it on my old one too. (Now sitting in storage, but ready in case of need.)

TheDeeGee
Senior Member



Posts: 7032
Joined: 2010-08-28

#5542200 Posted on: 04/30/2018 11:00 AM
Most of their routers can run OpenWRT. That's best option for them anyway. I have it on my old one too. (Now sitting in storage, but ready in case of need.)

I recently switched to Xwrt on my Netgear R7000, best move i ever made.

Getting a much better WiFi signal and the UI is a lot faster and cleaner.

lucidus
Senior Member



Posts: 11825
Joined: 2011-12-31

#5542202 Posted on: 04/30/2018 11:11 AM
Most of their routers can run OpenWRT. That's best option for them anyway. I have it on my old one too. (Now sitting in storage, but ready in case of need.)


I was looking into LEDE/OpenWRT recently for my old linksys but there's too little setup instructions. I saw on yt some videos and they all involved making vlans or whatever for wifi ... too complicated :p

I personally don't buy TP-link products because of their poor driver and other software support, which these days is the most critical part of any device in a PC enviroment.


Wifi drivers are almost universally bad lol. I did buy a tp link wireless adapter last year and I am using a generic broadcom driver from windows update catalog (it won't show up normally in wu). Station drivers versions all caused bsod's and the one on tp's site didn't always connect to my wifi automatically on start up.

Fox2232
Senior Member



Posts: 11705
Joined: 2012-07-20

#5542203 Posted on: 04/30/2018 11:11 AM
I recently switched to Xwrt on my Netgear R7000, best move i ever made.

Getting a much better WiFi signal and the UI is a lot faster and cleaner.
Well, I have old router. WAN 1Gbps, 4xLAN each 100Mbps, WLan 2,4GHz 54Mbps.
Installed with all special features disabled (Firewall, UI, shares, ...)
Configured to make WAN,LAN,WLAN as one network. So, router does not have IP address on any of "ports/interfaces", just MACs.
Basically works as switch for WAN - LAN - WLAN. No way to connect to this router anymore via WAN,LAN,WLAN. Configuration possible only via internal connector and "USB TTL UART CP2102" + putty :)

I did this as perfect LAN party extension for mobile devices, as this puts them into same logical network.

Stairmand
Senior Member



Posts: 256
Joined: 2007-07-25

#5542218 Posted on: 04/30/2018 12:08 PM
I have only bought Asus routers for last years and I couldn’t be happier. There is just no competition when you can get security updates almost monthly. I wish there would be more brands to choose from.


ahem

https://www.engadget.com/2016/02/23/asus-ftc-settlement-router
https://www.ctrl.blog/entry/review-asuswrt

4 pages 1 2 3 4


Post New Comment
Click here to post a comment for this news story on the message forum.


Guru3D.com © 2021