Expert found a critical RCE zero-day in TP-Link Wi-Fi Extenders

by / Wednesday, 19 June 2019 / Published in Hacking

A zero-day vulnerability affects multiple models of TP-Link Wi-Fi extenders; it could be exploited to remotely execute code.

Security expert Grzegorz Wypych from IBM X-Force found a zero-day flaw that affects multiple models of TP-Link Wi-Fi extenders.

The Wi-Fi extenders capture the Wi-Fi signal from the main network device and rebroadcast it to areas where the signal is weak.

RE365 TP-Link Wi-Fi extenders

The vulnerability discovered by the expert could be exploited to remotely execute code on vulnerable devices, giving an attacker complete control over the device with the same privileges as the device’s legitimate user.

“As part of a recent series of vulnerabilities discovered in home routers, IBM X-Force researcher Grzegorz Wypych discovered a zero-day flaw in a TP-Link Wi-Fi extender.” reads the advisory published by IBM. “If exploited, this remote code execution (RCE) vulnerability can allow arbitrary command execution via a malformed user agent field in HTTP headers.”

The RCE flaw affects TP-Link Wi-Fi Extender models RE365, RE650, RE350 and RE500 running firmware version 1.0.2, build 20180213.

The flaw could be exploited by an unauthenticated remote attacker. The attack doesn’t require privilege escalation, since all processes on the vulnerable devices already run with root-level access.

TP-Link’s Wi-Fi extenders operate on the MIPS architecture, like many routers, and the vulnerability can be triggered by sending a malformed HTTP request.

The HTTP request can allow the execution of any shell command on the targeted RE365 Wi-Fi extender.
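As an added example (not from IBM's advisory or the original article), the following sketch shows how a defender could flag requests of this kind in captured traffic to an extender's web interface by checking the User-Agent header for shell metacharacters. The sample requests, the address 192.0.2.1 and the function names are constructed for illustration; the exact malformed value used in the research is not given on this page.

```python
import re

# Characters a POSIX shell treats specially and that have no place in a User-Agent.
SHELL_META = re.compile(r"[`|&<>\\\x00-\x1f\x7f]|\$[({]")
# RFC 7231 comment, e.g. "(Windows NT 10.0; Win64; x64)"; ';' is normal inside one.
COMMENT = re.compile(r"\([^()]*\)")

def user_agent(raw_request):
    """Return the User-Agent value from a raw HTTP request, or None if absent."""
    head = raw_request.split("\r\n\r\n", 1)[0]
    for line in head.split("\r\n")[1:]:          # skip the request line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "user-agent":
            return value.strip()
    return None

def findings(ua):
    """List the reasons a User-Agent value looks like a command-injection attempt."""
    reasons = []
    if SHELL_META.search(ua):
        reasons.append("shell metacharacter")
    outside = ua
    while COMMENT.search(outside):               # strip comments, innermost first
        outside = COMMENT.sub("", outside)
    if re.search(r"[;()]", outside):
        reasons.append("';' or stray parenthesis outside a comment")
    if len(ua) > 512:
        reasons.append("unusually long value")
    return reasons

def scan(requests):
    """Return (index, reasons) for every request whose User-Agent is suspicious."""
    hits = []
    for i, raw in enumerate(requests):
        ua = user_agent(raw)
        reasons = findings(ua) if ua is not None else []
        if reasons:
            hits.append((i, reasons))
    return hits

# Constructed sample requests; 192.0.2.1 is a documentation address.
HEAD = "GET / HTTP/1.1\r\nHost: 192.0.2.1\r\nUser-Agent: "
SAMPLES = [
    HEAD + "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 "
           "(KHTML, like Gecko) Chrome/74.0 Safari/537.36\r\n\r\n",
    HEAD + "Mozilla/5.0; `PLACEHOLDER_COMMAND`\r\n\r\n",
    HEAD + "Mozilla/5.0 $(PLACEHOLDER_COMMAND)\r\n\r\n",
]

if __name__ == "__main__":
    for index, reasons in scan(SAMPLES):
        print(index, reasons)
```

Semicolons and parentheses are only treated as suspicious outside a balanced comment, because ordinary browser User-Agent strings contain them inside comments.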

“The following image shows an open telnet session from a fully compromised device. After connecting to TCP port 4444 we were able to obtain root level shell on the Wi-Fi extender without any privilege escalation, with all processes running as root.” continues the analysis.

TP-Link Wi-Fi extenders

“The sort of impact one can expect from such unauthenticated access is, for example, requesting the device to browse to a botnet command and control server or an infection zone,”

The experts warn of the risk of massive attacks on IoT devices carried out through Mirai-like bots.

TP-Link has already released security patches to address the zero-day flaw; the vendor published separate updates for each of the impacted models of Wi-Fi extenders (RE365, RE500, RE650, RE350).

Pierluigi Paganini

(SecurityAffairs – TP-Link Wi-Fi extenders, hacking)

The post Expert found a critical RCE zero-day in TP-Link Wi-Fi Extenders appeared first on Security Affairs.
