
TP-LINK Router Administrative Web Interface Backdoor Vulnerability

Last Update Date: 15 Mar 2013 10:54
Release Date: 15 Mar 2013

RISK: High Risk

TYPE: Servers - Network Management


A vulnerability has been identified in certain TP-LINK routers, which can be exploited by remote attackers to execute arbitrary code on the target system.

Certain TP-LINK routers expose an administrative web interface page (start_art.html) that does not require authentication. A remote attacker can trick such a router into downloading malware from the attacker's TFTP server and executing it with root privileges, and can thereby execute arbitrary code as the root user.

Note:

  1. The default setting of the router does not allow WAN access to the administrative web interface.
  2. Proof of concept code of the attack is publicly available.
  3. Vendor patch is currently unavailable.

Impact

  • Remote Code Execution

System / Technologies affected

  • TL-WDR4300
  • TL-WR743ND (v1.2 v2.0)
  • TL-WR941N
  • Other models/versions may also be affected.

Solutions

Note: Vendor patch is currently unavailable.

Workaround:

  1. Disable WAN access to the administrative web interface, e.g. by configuring the WAN remote administration IP address as 0.0.0.0 or as other trusted IP addresses.
  2. Allow only trusted MAC addresses to access the administrative web interface on the LAN.
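
While no patch is available, the behaviour described above (a request for start_art.html followed by the router fetching a file over TFTP) can be watched for in network logs. The following detection sketch is an added example and not part of the original advisory; the log format, the router address, the 60-second window and all sample lines are constructed assumptions.

```python
from datetime import datetime, timedelta

ROUTER_IP = "192.168.0.1"        # assumption: the router's LAN address
WINDOW = timedelta(seconds=60)   # assumption: correlation window
TFTP_PORT = "69"                 # TFTP read/write requests go to UDP port 69

# Constructed sample log, one event per line: "timestamp kind src dst detail"
SAMPLE_LOG = """\
2013-03-15T10:00:01 http 192.168.0.23 192.168.0.1 GET /index.html
2013-03-15T10:02:10 http 192.168.0.57 192.168.0.1 GET /x/start_art.html
2013-03-15T10:02:14 flow 192.168.0.1 203.0.113.9 udp/69
2013-03-15T11:30:00 flow 192.168.0.1 198.51.100.4 udp/69
2013-03-15T12:00:00 http 192.168.0.23 192.168.0.1 GET /START_ART.HTML?x=1
"""

def is_art_request(detail):
    """True if the requested file name is start_art.html, in any directory."""
    url = detail.partition(" ")[2]
    name = url.split("?", 1)[0].rsplit("/", 1)[-1]
    return name.lower() == "start_art.html"

def is_tftp(detail):
    proto, _, port = detail.partition("/")
    return proto == "udp" and port == TFTP_PORT

def detect(log_text, router=ROUTER_IP, window=WINDOW):
    """Return alerts as (label, time, requesting_client, tftp_server)."""
    alerts, requests = [], []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        stamp, kind, src, dst, detail = line.split(" ", 4)
        ts = datetime.fromisoformat(stamp)
        if kind == "http" and dst == router and is_art_request(detail):
            requests.append((ts, src))
            alerts.append(("art_page_request", ts, src, None))
        elif kind == "flow" and src == router and is_tftp(detail):
            # Pair the TFTP flow with the latest page request inside the window.
            recent = [c for t, c in requests if timedelta(0) <= ts - t <= window]
            if recent:
                alerts.append(("art_request_then_tftp", ts, recent[-1], dst))
            else:
                alerts.append(("router_tftp_outbound", ts, None, dst))
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

An `art_request_then_tftp` alert names both the client that requested the page and the TFTP server the router contacted; a TFTP flow from the router with no matching request is reported separately for review.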

Vulnerability Identifier


Source


Related Link