What now?
In an
advisory detailing the CSRF and the two DoS vulnerabilities, Tenable has also detailed the efforts it went through to get TP-Link to fix them.
Unfortunately, as it seems, the latest firmware version available for the vulnerable router still sports the flaws. But, as 90 days have passed since they first contacted the company, Tenable publicly released information about their discovery.
Wells has also developed a proof of concept of the CSRF vulnerability and
demonstrated its effectiveness.