Router Vulnerability: TP-Link Issues Patch To Fix Remote Code Execution Exploit In Old Routers

Popular router manufacturer TP-Link has issued a security patch that fixes a vulnerability in a discontinued line of its routers that allowed an attacker to execute malicious code on the device remotely.

The vulnerability was first discovered in TP-Link’s PTWR841N V8 router models by security researchers at internet of things security firm Senrio. The firm disclosed the exploit to TP-Link and worked with the company to create a security patch.

Read: Government Spying: WikiLeaks 'Cherry Blossom' Documents Reveal CIA Hacks Wi-Fi Routers

Senrio said there were two major vulnerabilities plaguing the routers, which were discovered during a hacking class offered to students by the security firm.

As the class was working with the TP-Link PTWR841N V8 router, students discovered a logic flaw in the device’s configuration that allowed an attacker to circumvent the router’s access controls. If exploited, the security flaw would allow an attacker to reset the router’s credentials and gain additional access to the device.

After manipulating the router credentials, the researchers were able to launch a code execution attack by taking advantage of the second security flaw — a stack overflow vulnerability that was accessible through the router’s configuration service.

Stack overflow attacks are exploited by making a program attempt to use more memory space than is available in the call stack — a buffer that stores requests that need to be executed.

The researchers carried out the attack by using smartphones. By activating the hotspot capability on the smartphones, the researchers were able to carry out the attack to reset the router credentials and were then able to execute malicious code through the hacked router.

Read: Linksys Vulnerability: More Than 20 Linksys Routers Found To Be Vulnerable To Security Exploits

Current models of TP-Link routers do not suffer from the same vulnerability thanks to updated firmware that has removed the exploit, but the older model is at risk. TP-Link has since pushed out a firmware update that should help protect at-risk users from the exploit.

According to a search on Shodan, a search engine that allows users search for specific types of devices connected to the internet, at least 93,328 of the TP-Link routers that are at risk of the security vulnerability are still in use worldwide.

Routers have become more common targets for attacks because of their ability to distribute malicious code to a number of devices using the router’s network to connect to the internet. It’s also not uncommon for the devices to be riddled with security flaws that go unpatched for long periods of time.

A recent leak of purported CIA documents published by Wikileaks showed the government agency has created hacking tools used to compromise wireless routers to track the online activity of targets.

Earlier this year, security researchers discovered a number of major vulnerabilities in Linksys routers that made it possible for attackers to target the devices and compromise the internet connection of the user.

In January, the Federal Trade Commission filed a lawsuit against popular router maker D-Link for failing to take steps to properly secure its devices and leaving consumers vulnerable to hacks and exploits.