Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Network Security

Critical Flaw Exposes TP-Link Wi-Fi Extenders to Remote Attacks

A critical remote code execution vulnerability discovered by an IBM X-Force researcher allows an unauthenticated attacker to take complete control of some TP-Link Wi-Fi extenders. Firmware updates that should patch the flaw have been made available by the vendor.

A critical remote code execution vulnerability discovered by an IBM X-Force researcher allows an unauthenticated attacker to take complete control of some TP-Link Wi-Fi extenders. Firmware updates that should patch the flaw have been made available by the vendor.

While analyzing some TP-Link routers, IBM X-Force researcher Grzegorz Wypych came across a potentially serious vulnerability in the TP-Link RE365 Wi-Fi extender running firmware version 1.0.2, build 20180213. Following its own analysis, the vendor determined that the security hole also impacts RE650, RE350 and RE500 devices.TP-Link extender vulnerability

Wi-Fi extenders are designed to forward signal captured from a wireless router in order to extend its range.

The issue affecting TP-Link extenders, tracked as CVE-2019-7406, can be exploited by a remote and unauthenticated attacker via specially crafted user agent fields in HTTP headers. Since all processes on the impacted extenders run with root privileges, an attacker can execute arbitrary shell commands with elevated permissions and take complete control of the device.

“This vulnerability can […] affect a variety of end users, from home users to corporate users, and enable an attacker to send any request to the extender. The sort of impact that can result from such unauthenticated access includes, for example, requesting the device to browse to a botnet command-and-control (C&C) server or an infection zone,” Wypych explained in a blog post. “The thought of a Mirai infection on internet of things (IoT) devices is, of course, one of the first things that comes to mind, where automated scripts could potentially run as root on this type of device if the vulnerability is exploited.”

TP-Link has released firmware updates for each of the affected models in an effort to address the vulnerability. No other devices appear to be impacted.

Related: 0-Day in TP-Link SR20 Routers Allows Command Execution

Related: Flaws Affecting Top-Selling Netgear Routers Disclosed

Related: TP-Link Patches Remote Code Execution Flaws in SOHO Router

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Expert Insights

Related Content

Cyberwarfare

Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet

Network Security

NSA publishes guidance to help system administrators identify and mitigate cyber risks associated with transitioning to IPv6.

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

IoT Security

Lexmark warns of a remote code execution (RCE) vulnerability impacting over 120 printer models, for which PoC code has been published.

Application Security

Drupal released updates that resolve four vulnerabilities in Drupal core and three plugins.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Email Security

Microsoft is urging customers to install the latest Exchange Server updates and harden their environments to prevent malicious attacks.