Treacherous backdoor found in TP-Link routers

RCuber

The Mighty Unkel!!!
Staff member
Security experts in Poland have discovered a treacherous backdoor in various router models made by TP-Link. When a specially crafted URL is called, the router will respond by downloading and executing a file from the accessing computer, reports Michał Sajdak from Securitum.

The expert says that when a browser sends an HTTP GET request to 192.168.0.1/..........., the contacted router will establish a connection back to the visitor's IP and contact any TFTP server there. It will retrieve a file called nart.out from the TFTP server and execute it as root.

However, this normally only works within a local network; an indirect exploit such as a CSRF attack should fail because the required TFTP server must be accessible within the LAN.

Full article here
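One way to spot the behaviour described above in LAN traffic, added here as an example and not part of the original post or the Securitum report: it parses TFTP read requests (RFC 1350) and flags any that the router itself sends to a LAN host, with the `nart.out` name from the post raising severity. The input tuple format, the function names and the sample datagrams (including the `octet` transfer mode) are constructed assumptions.

```python
import struct

ROUTER_IP = "192.168.0.1"   # router address given in the post
SUSPECT_FILE = "nart.out"   # file name given in the post

def parse_tftp_rrq(payload: bytes):
    """Return (filename, mode) for a TFTP read request (opcode 1), else None."""
    if len(payload) < 4:
        return None
    (opcode,) = struct.unpack("!H", payload[:2])
    if opcode != 1:  # 1 = RRQ; writes, data, acks and errors are ignored
        return None
    parts = payload[2:].split(b"\x00")
    # RRQ body is: filename NUL mode NUL [options ...]
    if len(parts) < 3 or not parts[0] or not parts[1]:
        return None
    try:
        return parts[0].decode("ascii"), parts[1].decode("ascii").lower()
    except UnicodeDecodeError:
        return None

def flag_router_tftp(datagrams, router_ip=ROUTER_IP):
    """datagrams: iterable of (src_ip, dst_ip, dst_port, udp_payload).
    Returns one alert per TFTP read request sent by the router."""
    alerts = []
    for src, dst, dport, payload in datagrams:
        if src != router_ip or dport != 69:
            continue
        rrq = parse_tftp_rrq(payload)
        if rrq is None:
            continue
        filename, mode = rrq
        base = filename.rsplit("/", 1)[-1].lower()
        severity = "high" if base == SUSPECT_FILE else "medium"
        alerts.append({"src": src, "dst": dst, "file": filename,
                       "mode": mode, "severity": severity})
    return alerts

# Constructed sample datagrams (not captured traffic)
SAMPLE = [
    ("192.168.0.1", "192.168.0.100", 69, b"\x00\x01nart.out\x00octet\x00"),
    ("192.168.0.100", "192.168.0.1", 53, b"\x12\x34\x01\x00"),
    ("192.168.0.1", "192.168.0.100", 69, b"\x00\x01fw.bin\x00octet\x00"),
    ("192.168.0.100", "192.168.0.50", 69, b"\x00\x01nart.out\x00octet\x00"),
    ("192.168.0.1", "192.168.0.100", 69, b"\x00\x02nart.out\x00octet\x00"),
    ("192.168.0.1", "192.168.0.100", 69, b"\x00\x01trunc"),
]
```

Feed it UDP datagrams extracted from a capture taken on the LAN side of the router; a consumer router fetching files over TFTP from a client is unusual enough that even the "medium" alerts deserve a look.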
 

Vignesh B

Youngling
Hmm, that's sad.
But the worst part is that TP-Link is not accepting this bug.
Anyway, is there any workaround to prevent an attack?
 