Router Security: TP-Link Issues Patch to Fix Code Execution Vulnerability of Old Routers

By Amee Florence Payno, Christian Post Contributor

Router manufacturing company TP-Link recently released a security patch that addresses and repairs an existing vulnerability in one of its discontinued product line of routers.

The vulnerability that is fixed by the patch update allows external entities to remotely execute malicious code on TP-Link's WR841N V8 router. This was discovered by security researchers at the security firm Senrio. The firm worked closely with TP-Link in creating the security patch that fixes the vulnerability.

During Senrio's research into the TP-Link WR841N router, they found a logic flaw in the device's configuration service, which made it possible for the firm's researchers to bypass its access controls and to reset the credentials of the router. Then, they utilized their increased access and exploited the machine's stack overflow vulnerability via the router's configuration service in order to acquire code execution.

Get Our Latest News for FREE

Subscribe to get daily/weekly email with the top stories (plus special offers!) from The Christian Post. Be the first to know.

The researchers took advantage of the routers' vulnerability through a proximity-based attack, which they have accomplished by using a smartphone's hotspot capability. Once they have carried out the reset of the router's credentials, the researchers were then able to execute malicious code.

While current models of TP-Link routers do not possess these vulnerabilities because of updated firmware that prevents the exploit, older router models from the company, however, remains at risk. Hence, the router manufacturer decided to launch a firmware update that should safeguard old and at-risk routers from possible exploitation.

While Senrio lauded the company's move to protect its users, they have warned that there are still a large number of router owners that are not updating their devices with the latest patch.

It is not uncommon for devices with security flaws that are not running with updated patch to be taken advantage of by hackers. In fact, in a recent leak published by Wikileaks containing alleged Central Intelligence Agency (CIA) documents, it was revealed that the government agency had designed hacking programs that compromised internet routers for the purpose of monitoring the online activity of the agency's targets.

Was this article helpful?

Help keep The Christian Post free for everyone.

By making a recurring donation or a one-time donation of any amount, you're helping to keep CP's articles free and accessible for everyone.

$25/month$50/quarter$100/yearOne-time

We’re sorry to hear that.

Hope you’ll give us another try and check out some other articles. Return to homepage.