New security flaw in TP-Link Wi-Fi router has been discovered
Get a powerful Linux Dual-Core dedicated server for less than $2.67 a day!
April 10, 2017
It was discovered today that TP-Link's M-5350 Wi-Fi router has the kind of internet security flaws that give security professionals sleepless nights.
In what looks like a feature created for developers' overall convenience, but left behind when it should have been outright deleted as soon as possible, the device's administrative credentials can be easily retrieved by simple text message.
The discoverer of the security flaw, a German company called Securai, told us that the problem has a cross-site scripting (XSS) bug triggered by an SMS that attack a specific script.
The device then replies with the admin username, admin password, its SSID, and its login password.
Securai's Jan Hörsch said he discovered the security bug by analysing the modem's firmware. It's unlikely that the security vulnerability has been patched, since according to TP-Link's current firmware download page for the M-5350, the most-current version is M5350_V2_140115, released in January 2015.
Those security flaws were revealed at last week's Kaspersky Security Analyst Summit. One more time, the Internet-of-Things looks more like the Insecurity-of-Things. We'll keep you in the loop.
Source: Securai LLC.
Get a powerful Linux Dual-Core dedicated server for less than $2.67 a day!Tweet Share on Twitter.