Over 185,000 TP-Link routers vulnerable to remote code execution (again) with no patch available
Well over 185,000 TP-Link routers that are connected to the internet have a critical vulnerability, for which no patch is available yet. The vulnerability allows an attacker to execute code remotely on the device.
The affected model is the TL-WR740N, which suffers from the same vulnerability that was found in the TP-Link TL-WR940N router last year. Both vulnerabilities were discovered by security researcher Tim Carrington from the security company Fidus. While the issue for the TP-Link TL-WR940N was fixed within a week, for the TL-WR740N no patch has been released yet, reports Myce:
Carrington found the issue in the WR740N when he was searching for “targets to do some research”. The TL-WR740N is older than the TL-WR940N and hasn’t received any updates for years. When analyzing the source code, Carrington discovered that the WR740N contained the exact same vulnerabilities as the WR940N. He wrote some software to compare the code from both routers and found that they suffer from the same vulnerabilities. That is possible because both devices share similar or identical source code, which is a “huge problem in the IoT industry”, according to Carrington.
In January this year, Carrington reported the vulnerabilities to TP-Link, thinking the company would fix the issues quickly because of the similarities in the source code. In March TP-Link told Carrington it had developed a firmware update, but so far it hasn’t been made available. This made Carrington decide to disclose his findings and to publish a proof-of-concept to exploit the vulnerability.
“Until a fix has eventually been released by TP-Link (No idea when this will be..) ensure your router is using a strong password and you’ve changed default credentials,” Carrington warns owners of a TP-Link TL-WR740N.
Senior Member
Posts: 4132
Joined: 2011-11-24
I wonder how viable a Raspberry Pi is as a router. It surely can run way more sophisticated software than actual "home" routers, and you can always keep it up to date easily.
Senior Member
Posts: 150
Joined: 2015-01-12
I have only bought Asus routers for the last years and I couldn’t be happier. There is just no competition when you can get security updates almost monthly. I wish there would be more brands to choose from.
Senior Member
Posts: 11509
Joined: 2004-05-10
I use TP-Link routers (Archer series) and love them. Fortunately they are not affected. Only 2 of the lower end older models are affected.
Junior Member
Posts: 10
Joined: 2008-03-10
You could use the Raspberry Pi as an AP I guess, but the ethernet performance is pretty abysmal, as it's attached to the USB. The integrated wifi performance is pretty poor as well. There are other products from other manufacturers that have PCI Express connected networking, but they might have worse software support. (Things like Banana Pi boards)
Personally I have a Turris Omnia which has an OpenWRT-based automatically updating OS. It also happily routes around 900Mbps from WAN to LAN.
Senior Member
Posts: 348
Joined: 2016-10-22
I personally don't buy TP-Link products because of their poor driver and other software support, which these days is the most critical part of any device in a PC environment.