The well-known manufacturer TP-Link once again suffers from a new security vulnerability, in this case the affected one is one of its best-selling routers. The affected model is the popular TP-Link TL-WR841 with different hardware versions, and it is that a security researcher has discovered a serious vulnerability that would allow an external attacker to be able to execute random commands, that is, gain total control of the router.
What is this vulnerability?
The vulnerability consists of a “buffer overflow”, that is, buffer overflow. The affected component is the httpd service of the TP-Link TL-WR841N V12, although the router versions V11 and V10 are also affected, later we will detail all the affected models as well as the affected firmware versions. This security flaw discovered by a security researcher allows an authenticated remote attacker to execute arbitrary code via an HTTP GET request to the Wi-Fi network tools page, i.e. the “System Tools” menu of the firmware of the device. router.
This security flaw has a high criticality of 8.8/10, it has been assigned an identifier CVE-2022-30024 where you can see all the details of this vulnerability in TP-Link routers.
Models affected by the bug
Manufacturers like TP-Link tend to add different hardware components to their routers, changing the hardware version of the equipment, without having to change the model name. In this case, the models vulnerable to this security flaw are the following:
- TL-WR841 V12
- TL-WR841 V11
- TL-WR841 V10
If you have this TL-WR841 model and it matches the hardware version, you will have to check the firmware version that you are currently using. If you are using the following firmware versions, you are affected by this flaw:
- TL-WR841N(EU)_V12_160624
- TL-WR841N(EU)_V11_160325
- TL-WR841N_V11_150616
- TL-WR841N_V10_150310
Other vulnerability in TL-WR940N router
Manufacturer also has suffered from a major vulnerability in the TL-WR940N router, another top seller for home users who need a simple router and also for WISP operators. In this case, the security flaw would allow arbitrary code to be executed by a user connected via cable or WiFi, that is, anyone connected to the router could execute code in the router, in addition, it is not necessary to authenticate on the router to do it.
The problem is due to improper validation of the length of the user-supplied data before copying it into a stack-type fixed-length buffer, an attacker could execute any type of code in this scenario. The firmware version affected by this serious security flaw is TP-Link TL-WR940N 3.20.1 Build 200316, so if you have this version or lower, update your router as soon as possible to avoid security problems.
He is a well-known expert in mobile security and malware analysis. He studied Computer Science at NYU and started working as a cyber security analyst in 2003. He is actively working as an anti-malware expert. He also worked for security companies like Kaspersky Lab. His everyday job includes researching about new malware and cyber security incidents. Also he has deep level of knowledge in mobile security and mobile vulnerabilities.
