TP-Link Archer Zero-Day Vulnerability Let Attackers Inject Malicious Commands
- Source: Vulnerability (cybersecuritynews.com)
Author: Tushar Subhra Dutta
A critical zero-day vulnerability has been discovered in TP-Link Archer, Deco, and Tapo series devices, potentially allowing attackers to inject malicious commands and fully compromise affected devices.
The flaw is present in firmware from older releases through to versions current as of November 4, 2024, which makes it a significant concern for users of these popular models.
It was first identified in a 2023 firmware image for the Archer AXE75 router, and further investigation showed that it was still present in the most recent firmware release at the time.
Security researchers employed the following techniques to analyze and exploit the vulnerability:
- Firmware acquisition: TP-Link's firmware is publicly available and unencrypted, which makes it easier to analyze than many other vendors' images.
- Reverse engineering: Using tools such as binwalk, the researchers extracted the firmware's contents, revealing the router's file system layout and key components.
- Emulation: The router's web gateway was run under qemu-arm-static, allowing targeted vulnerability testing without physical hardware.
- Vulnerability identification: By searching the firmware's Lua scripts for calls that execute system commands, the researchers pinpointed candidate injection sinks.
The critical flaw was found in the file avira.lua, ironically part of the Avira antivirus functionality intended to protect the device.
ThottySploity researchers identified that the vulnerability lies in the tmp_get_sites function, where the ownerId value is passed to os.execute without any sanitization or validation, so a request value containing shell metacharacters is executed as part of the command.
Exploitation
Researchers developed an exploit that targets the vulnerability through the “/admin/smart_network” endpoint.
The vulnerability was responsibly disclosed to TP-Link following its discovery on October 3, 2024. Key events in the disclosure timeline include:
- October 10, 2024: TP-Link was contacted and began analyzing the vulnerability.
- November 8, 2024: TP-Link acknowledged the vulnerability and provided a fixed beta firmware version.
- November 23, 2024: MITRE reserved CVE-2024-53375 for this vulnerability.
To fix this class of bug, the ownerId value must be validated before it reaches os.execute, for example by converting it with Lua's tonumber function and rejecting anything that is not a number, so that arbitrary text cannot be injected into the command line.
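As an added illustration (this is not code from the article, from ThottySploity, or from TP-Link's firmware), the Lua below reconstructs the pattern the article describes, an untrusted request field reaching os.execute, next to the hardened form it suggests. Only the names tmp_get_sites, ownerId and os.execute come from the article; the command line, the file path, the parameter table and the fake_execute helper are assumptions made so the example runs safely without touching a shell.

```lua
-- Added example, not TP-Link's code. Reconstructs the vulnerable shape described
-- in the article and a hardened version. The actual command built in avira.lua is
-- not shown on the page, so the "cat /tmp/sites_<id>.json" line is an assumption.

-- Stand-in for os.execute so the example can be run safely: it records the
-- command string instead of handing it to /bin/sh.
local executed = {}
local function fake_execute(cmd)
  executed[#executed + 1] = cmd
  return true
end

-- VULNERABLE: ownerId is spliced into a shell command line as-is. A value such
-- as "42; id" ends the intended command and starts an attacker-chosen one.
local function tmp_get_sites_vulnerable(params, execute)
  local ownerId = params.ownerId
  local cmd = "cat /tmp/sites_" .. ownerId .. ".json"   -- path is an assumption
  return execute(cmd)
end

-- HARDENED: ownerId must parse as a non-negative integer in a sane range (the
-- tonumber check the article suggests), and the formatted number, not the raw
-- request string, is what ends up in the command.
local function tmp_get_sites_hardened(params, execute)
  local n = tonumber(params.ownerId)
  if n == nil or n ~= math.floor(n) or n < 0 or n > 2147483647 then
    return nil, "invalid ownerId"
  end
  local cmd = string.format("cat /tmp/sites_%d.json", n)
  return execute(cmd)
end

-- Two constructed requests: one benign, one carrying an injected shell command.
local benign    = { ownerId = "42" }
local malicious = { ownerId = "42; id > /tmp/pwned" }

tmp_get_sites_vulnerable(benign, fake_execute)
tmp_get_sites_vulnerable(malicious, fake_execute)
print("vulnerable handler would run:")
for _, c in ipairs(executed) do print("  " .. c) end
-- The second recorded line still contains "; id > /tmp/pwned", which /bin/sh
-- would execute as a separate command.

executed = {}
local ok, err = tmp_get_sites_hardened(malicious, fake_execute)
print("hardened handler on malicious input:", ok, err)
tmp_get_sites_hardened(benign, fake_execute)
print("hardened handler on benign input ran:", executed[1])
```

Replace fake_execute with os.execute to see the real behaviour; the hardened handler never builds a command from the malicious value. Validating the type is the minimal fix; the stronger design is to not spawn a shell at all for this operation (io.open on the computed path reads the same file without an interpreter in between), which removes the injection sink rather than guarding it.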
This discovery underscores the importance of continuous security auditing and responsible disclosure in the realm of network device firmware.
Users of affected TP-Link routers are advised to update their firmware as soon as patches become available to protect against potential exploitation of this vulnerability.