Critical remote execution flaw lurks in TP-Link Wi-Fi Extenders

silversurfer

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,057
A critical zero-day vulnerability which impacts TP-Link Wi-Fi Extenders could lead to the remote execution of code, researchers have warned.

IBM X-Force researcher Grzegorz Wypychmembers revealed the existence of the security flaw on Tuesday. In a blog post, the cybersecurity researcher said the security issue impacts TP-Link Wi-Fi Extender models RE365, RE650, RE350 and RE500 running firmware version 1.0.2, build 20180213.

TP-Link Wi-Fi Extenders are devices suitable for both the home and commercial properties and are used to eradicate black spots or areas with weak Wi-Fi coverage. An extender is able to capture Wi-Fi signals from the main router and rebroadcast the same signal, improving its strength.

However, as with many devices connected to the Internet, there is the possibility of vulnerabilities which can be used by attackers to remotely access and compromise systems. In this case, the critical flaw can be exploited to perform remote code execution.
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
If I understood the article right, it can be exploited only if the attacker is within wifi range of the device.
 
  • Like
Reactions: upnorth

blackice

Level 38
Verified
Top Poster
Well-known
Apr 1, 2019
2,731
I have one of these...and I found a couple random device connected to my router once. I have a suspicion one of my neighbors’ kids is a script kiddie. Anyway, my only conclusion was the tp-link extender was the weak point. It has been in a drawer unplugged for over a year now.
 
  • Like
Reactions: upnorth and shmu26

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top