Solidigm P44 Pro (1TB/2TB) M.2 NVMe SSD Review
EnGenius ECW336 WIFI6E Access Point review
MSI MEG Z790 ACE review
Deepcool LT720 LCS Cooler Review
Arctic A35/I35 A-RGB air coolers review
Minisforum HX90G (Ryzen 9 5900HX + RX 6600M) mini PC review
MSI MPG Z790 Edge (DDR4) review
MSI GeForce RTX 4080 Gaming X TRIO review
Deepcool CH510 chassis review
Asus Delta S Wireless Headset review
Over 185,000 TP-Link routers vulnerable to remote code execution (again) with no patch available
Well over 185,000 TP-Link routers that are connected to the internet have a critical vulnerability, for which no patch is available yet. The vulnerability allows an attacker to execute code remotely on the device.
The routers affected are the TL-WR740N, which suffers from the same vulnerability that was found in theTP-Link TL-WR940N router last year. Both vulnerabilities were discovered by security researcher Tim Carrington from the security company Fidus. While the issue for the TP-Link TL-WR940N was fixed within a week, for the TL-WR740N no patch has been released yet, reports myce:
Carrington found the issue in the WR740N when he was searching for “targets to do some research”. The TL-WR740N is older than the TL-WR940N and hasn’t received any updates for years. When analyzing the source code, Carrington discovered that the WR740N contained the exact same vulnerabilities as the WR940N. He wrote some software to compare the code from both routers and found that they suffer from the same vulnerabilities. That is possible because both devices share similar or identical source code, which is a “huge problem in the IoT industry”, according to Carrington.
In January this year, Carrington reported the vulnerabilities to TP-Link, thinking the company would fix the issues quickly because of the similarities in the source code. In March TP-Link told Carrington it had developed a firmware update, but so far it hasn’t been made available. This made Carrington decide to disclose his findings and to publish a proof-of-concept to exploit the vulnerability.
“Until a fix has eventually been released by TP-Link (No idea when this will be..) ensure your router is using a strong password and you’ve changed default credentials,” Carrington warns owners of a TP-Link TL-WR740N.
TheDeeGee
Senior Member
Posts: 8324
Joined: 2010-08-28
Senior Member
Posts: 8324
Joined: 2010-08-28
#5542200 Posted on: 04/30/2018 11:00 AM
I recently switched to Xwrt on my Netgear R7000, best move i ever made.
Getting a much better WiFi signal and the UI is a lot faster and cleaner.
Most of their routers can run OpenWRT. That's best option for them anyway. I have it on my old one too. (Now sitting in storage, but ready in case of need.)
I recently switched to Xwrt on my Netgear R7000, best move i ever made.
Getting a much better WiFi signal and the UI is a lot faster and cleaner.
lucidus
Senior Member
Posts: 11835
Joined: 2011-12-31
Senior Member
Posts: 11835
Joined: 2011-12-31
#5542202 Posted on: 04/30/2018 11:11 AM
I was looking into LEDE/OpenWRT recently for my old linksys but there's too little setup instructions. I saw on yt some videos and they all involved making vlans or whatever for wifi ... too complicated :p
Wifi drivers are almost universally bad lol. I did buy a tp link wireless adapter last year and I am using a generic broadcom driver from windows update catalog (it won't show up normally in wu). Station drivers versions all caused bsod's and the one on tp's site didn't always connect to my wifi automatically on start up.
Most of their routers can run OpenWRT. That's best option for them anyway. I have it on my old one too. (Now sitting in storage, but ready in case of need.)
I was looking into LEDE/OpenWRT recently for my old linksys but there's too little setup instructions. I saw on yt some videos and they all involved making vlans or whatever for wifi ... too complicated :p
I personally don't buy TP-link products because of their poor driver and other software support, which these days is the most critical part of any device in a PC enviroment.
Wifi drivers are almost universally bad lol. I did buy a tp link wireless adapter last year and I am using a generic broadcom driver from windows update catalog (it won't show up normally in wu). Station drivers versions all caused bsod's and the one on tp's site didn't always connect to my wifi automatically on start up.
Fox2232
Senior Member
Posts: 11808
Joined: 2012-07-20
Senior Member
Posts: 11808
Joined: 2012-07-20
#5542203 Posted on: 04/30/2018 11:11 AM
I recently switched to Xwrt on my Netgear R7000, best move i ever made.
Getting a much better WiFi signal and the UI is a lot faster and cleaner.
Well, I have old router. WAN 1Gbps, 4xLAN each 100Mbps, WLan 2,4GHz 54Mbps.
Installed with all special features disabled (Firewall, UI, shares, ...)
Configured to make WAN,LAN,WLAN as one network. So, router does not have IP address on any of "ports/interfaces", just MACs.
Basically works as switch for WAN - LAN - WLAN. No way to connect to this router anymore via WAN,LAN,WLAN. Configuration possible only via internal connector and "USB TTL UART CP2102" + putty
I did this as perfect LAN party extension for mobile devices, as this puts them into same logical network.
I recently switched to Xwrt on my Netgear R7000, best move i ever made.
Getting a much better WiFi signal and the UI is a lot faster and cleaner.
Well, I have old router. WAN 1Gbps, 4xLAN each 100Mbps, WLan 2,4GHz 54Mbps.
Installed with all special features disabled (Firewall, UI, shares, ...)
Configured to make WAN,LAN,WLAN as one network. So, router does not have IP address on any of "ports/interfaces", just MACs.
Basically works as switch for WAN - LAN - WLAN. No way to connect to this router anymore via WAN,LAN,WLAN. Configuration possible only via internal connector and "USB TTL UART CP2102" + putty
I did this as perfect LAN party extension for mobile devices, as this puts them into same logical network.
Stairmand
Senior Member
Posts: 337
Joined: 2007-07-25
Senior Member
Posts: 337
Joined: 2007-07-25
#5542218 Posted on: 04/30/2018 12:08 PM
ahem
https://www.engadget.com/2016/02/23/asus-ftc-settlement-router
https://www.ctrl.blog/entry/review-asuswrt
I have only bought Asus routers for last years and I couldn’t be happier. There is just no competition when you can get security updates almost monthly. I wish there would be more brands to choose from.
ahem
https://www.engadget.com/2016/02/23/asus-ftc-settlement-router
https://www.ctrl.blog/entry/review-asuswrt
Click here to post a comment for this news story on the message forum.
Senior Member
Posts: 11808
Joined: 2012-07-20
Most of their routers can run OpenWRT. That's best option for them anyway. I have it on my old one too. (Now sitting in storage, but ready in case of need.)