TP-Link has announced that a security flaw in the Wi-Fi encryption of its Archer MR500 LTE routers was discovered by a research team from German consumer organization Stiftung Warentest.
A security flaw in TP-Link routers made them susceptible to WPS pixie-dust attacks, allowing perpetrators to deduce the WPS PIN and consequently gain access to the router's wireless key. However, the vulnerability is only exploitable if the WPS feature is activated, which is not enabled by default. In response, TP-Link has issued a firmware patch to address this weakness and strongly advises users to update their routers promptly.
Moreover, TP-Link is thoroughly examining its other products to identify any potential similar vulnerabilities. The company pledges to provide firmware updates for any affected devices it uncovers.