TP-Link closes overflow leak in Archer router that gave attacker admin rights

Spread the love

TP-Link has fixed a leak in its Archer routers. This made it possible to change the configuration of the device. IBM researchers have discovered the vulnerability and are calling it a “zero day,” but there is no evidence that the vulnerability has been actively exploited.

The vulnerability is labeled CVE_2017_7405. The vulnerability was discovered by IBM security researchers and applies to TP-Link’s Archer C5 routers, with Firmware Version 16.0 0.9.1 v600c.0 Build 180124 Rel.28919n. According to the researchers, it is possible to access the router via Telnet and then exploit the leak. Attackers can thus enter the network from a distance and move through the network. Attackers can also get on ftp servers. The attackers could gain admin rights on the router with the vulnerability.

It is an overflow vulnerability. If an attacker entered a password of a certain length, the password field was replaced with an empty value that was always accepted. In addition, users could only log in to the router as admin with root rights, which immediately gave an attacker many possibilities in the system.

IBM calls the vulnerability a zero day, but does not provide examples of where the vulnerability has been actively exploited. TP-Link has now released a patch that closes the leak.

You might also like