TP-Link Routers Vulnerable To Remote Intrusion Attacks, But Users Also To Blame

Thousands of TP-Link routers, among the most common and attractively priced devices for home networking, could be vulnerable. A bug in unpatched firmware can allow even remote attackers on the internet to take control of the device. While the company could be liable for the security flaw, buyers and users are partially at fault too, according to the security analysts who discovered it.

Some TP-Link routers that haven’t been updated can be compromised owing to a security flaw. The vulnerability allows even a low-skilled attacker to remotely gain full access to a router running the flawed firmware. However, the bug also depends on negligence by the router’s end user: security researchers noted that the exploit works only if the user has kept the router’s default login credentials. Needless to say, a lot of users never change the router’s default password.

Andrew Mabbitt, the founder of U.K. cybersecurity firm Fidus Information Security, was the first to identify and report the security flaw in TP-Link routers. He had officially disclosed the remote code execution bug to TP-Link back in October 2017, and TP-Link released a patch a few weeks later. According to the report, the vulnerable router was the popular TP-Link WR940N. But the story did not end with the WR940N. Router manufacturers routinely reuse the same or similar code across different models, and that is exactly what happened here: the TP-Link WR740N was also vulnerable to the same bug.

Needless to add, any security vulnerability in a router is dangerous for the entire network. Altering settings or tampering with the configuration can severely hamper performance. Moreover, discreetly altering DNS settings can easily send unsuspecting users to fake pages of financial services or other platforms. Directing traffic to such phishing sites is one of the ways to steal login credentials.

Although TP-Link was rather quick to patch the security vulnerability in its routers, the patched firmware wasn’t openly available to download until recently. The updated firmware for the WR740N, which makes it immune to the exploit, wasn’t available on the website. Concerningly, TP-Link made the firmware available only upon request, as a TP-Link spokesperson indicated. When asked, he stated the update was “currently available when requested from tech support.”

It is a common practice for router manufacturers to send out firmware files by email to customers who write to them. However, it is imperative that companies release patched firmware updates on their websites and, if possible, alert users to update their devices, noted Mabbitt.

Alap Naik Desai
A B.Tech Plastics (UDCT) and a Windows enthusiast. Optimizing the OS, exploring software, and searching for and deploying solutions to strange and weird issues are Alap's main interests.