Security experts in Poland have discovered a treacherous backdoor in various router models made by TP-Link. When a specially crafted URL is called, the router will respond by downloading and executing a file from the accessing computer, reports Michał Sajdak from Securitum.
The expert says that when a browser sends an HTTP GET request to 192.168.0.1/..........., the contacted router connects back to the visitor's IP address and contacts whatever TFTP server is running there. It retrieves a file called nart.out from that TFTP server and executes it as root.
However, this normally only works within a local network; an indirect exploit such as a CSRF attack should fail because the required TFTP server must be accessible within the LAN.
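For defenders, the behaviour described above leaves a clear network trace: a TFTP read request for nart.out sent by the router itself. The following is an added detection example, not code from the original article or from Securitum; it parses TFTP read requests (RFC 1350) and flags that fetch. The record layout, the transfer mode and the sample datagrams are constructed assumptions.

```python
import struct

ROUTER_IP = "192.168.0.1"   # router address used in the article
INDICATOR = "nart.out"      # file name the article says the router requests
TFTP_PORT = 69
OP_RRQ = 1                  # RFC 1350 read request opcode

def parse_rrq(payload: bytes):
    """Return (filename, mode) for a well-formed TFTP RRQ, else None."""
    if len(payload) < 4:
        return None
    (opcode,) = struct.unpack("!H", payload[:2])
    if opcode != OP_RRQ:
        return None
    # Filename and mode are each NUL-terminated; options (RFC 2347) may follow.
    parts = payload[2:].split(b"\x00")
    if len(parts) < 3 or not parts[0] or not parts[1]:
        return None
    try:
        return parts[0].decode("ascii"), parts[1].decode("ascii").lower()
    except UnicodeDecodeError:
        return None

def find_backdoor_fetches(datagrams, router_ip=ROUTER_IP):
    """datagrams: iterable of (src_ip, dst_ip, dst_port, payload) UDP records."""
    alerts = []
    for src, dst, dport, payload in datagrams:
        if src != router_ip or dport != TFTP_PORT:
            continue
        rrq = parse_rrq(payload)
        if rrq is None:
            continue
        # Compare on the base name so a path prefix does not hide the indicator.
        name = rrq[0].replace("\\", "/").rsplit("/", 1)[-1].lower()
        if name == INDICATOR:
            alerts.append({"router": src, "tftp_server": dst,
                           "file": rrq[0], "mode": rrq[1]})
    return alerts

# Constructed sample traffic (not captured from a real device).
SAMPLE = [
    ("192.168.0.1", "192.168.0.23", 69, b"\x00\x01nart.out\x00octet\x00"),
    ("192.168.0.23", "192.168.0.50", 69, b"\x00\x01firmware.bin\x00octet\x00"),
    ("192.168.0.1", "192.168.0.23", 53, b"\x00\x01nart.out\x00octet\x00"),
    ("192.168.0.1", "192.168.0.23", 69, b"\x00\x02nart.out\x00octet\x00"),
    ("192.168.0.1", "192.168.0.23", 69, b"\x00\x01nart.out"),  # truncated
]

if __name__ == "__main__":
    for alert in find_backdoor_fetches(SAMPLE):
        print("ALERT", alert)
```

The `tftp_server` field in each alert identifies the LAN host the router fetched from, which is the machine to examine first.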