TP-Link Patches Remote Code Execution Flaws in SOHO Router
November 19, 2018 / Ionut Arghire
Vulnerabilities recently addressed by WiFi device maker TP-Link in its TL-R600VPN small and home office (SOHO) router could allow remote code execution, Cisco Talos security researchers warn. The issues were mainly caused by lack of input sanitization and parsing errors. Lack of proper input sanitization can be exploited without authentication to cause denial of service and leak server information. Parsing errors require an authenticated session for exploitation, but can lead to remote code execution under the context of HTTPD. While the attacker needs to be authenticated to exploit the flaw, because the HTTPD process runs as root, the code would be executed with elevated privileges. Three of the discovered vulnerabilities impact TP-Link TL-R600VPN HWv3 FRNv1.3.0 and TL-R600VPN HWv2 FRNv1.2.3 versions, while a fourth one was found in HWv3 FRNv1.3.0 only.