A dangerous bug has been detected in TP-Link Archer routers, which allows illegal login without passwords and with administrator rights. Those who own such a router should upgrade it device them directly.
TP-Link has one critical vulnerability on some models of Archer routers, which could allow intruders to cancel administrator passwords and gain remote control of devices via LAN and Telnet connection.
According to researcher Grzegorz Wypych of IBM X-Force Red, if the attackers send an HTTP request to these routers containing a string of characters greater than the allowed number of bytes, the result will be the user password being completely canceled and replaced with a blank value.
This works despite the built-in validation because it only checks the referent's HTTP headers, allowing the attacker to deceive the router's httpd service, and to recognize the request as valid using the hardcoded value tplinkwifi.net.
Since the only type of users on these routers is the administrator with full root privileges, once the intruders bypass the authentication process, they will automatically receive administrator privileges on the router.
Accordingly, the legal user he will be locked out and will no longer be able to log into the router with his passwords. The scenario gets even worse, since even if the owner of the router succeeds with a hardreset and sets a new password on the device, attackers could still override it with another LAN request.
This flaw is considered critical as it can allow an unauthorized third party access to the router with administrative rights. The risk is of course greater in networks businesses, where routers such as these are used to provide Wi-Fi access to guests.
Fixes available security
TP-Link has already released updates to help customers protect their routers from attacks that could abuse this security vulnerability, called CVE-2019-7405.
You can download the security updates for Archer C5 V4, Archer MR200v4, Archer MR6400v4, and Archer MR400v3 routers from the table below.
Brutal TP-Link Router | Security update |
Archer C5 V4 | https://static.tp-link.com/2019/201909/20190917/Archer_C5v4190815.rar |
Archer MR200v4 | https://static.tp-link.com/2019/201909/20190903/Archer%20MR200(EU)_V4_20190730.zip |
Archer MR6400v4 | https://static.tp-link.com/2019/201908/20190826/Archer%20MR6400(EU)_V4_20190730.zip |
Archer MR400v3 | https://static.tp-link.com/2019/201908/20190826/Archer%20MR400(EU)_V3_20190730.zip |