Protect your corporate IT network from hackers and other unwanted intruders with Proxy Sentinel™. Click here for all the details and get the peace of mind you deserve.
Back to our Homepage Proxy Sentinel™ high performance Internet proxy server and secure firewall solution Firewall Sentinel™ secure & powerful Internet firewall solution About Internet Security.ca and GCIS Frequently Asked Questions on Internet security issues Internet Security Industry News - Stay informed of what's happening Contact Internet Security.ca today and order your Proxy Sentinel™ or Firewall Sentinel™ server now!

New security flaw in TP-Link Wi-Fi router has been discovered

Sponsered ads:
Read the latest IT news. Visit ItDirection.net. Updated several times daily.

If you need reliability when it comes to SMTP servers, get the best, get Port 587.

Get a powerful Linux Dual-Core dedicated server for less than $2.67 a day!

April 10, 2017

It was discovered today that TP-Link's M-5350 Wi-Fi router has the kind of internet security flaws that give security professionals sleepless nights.

In what looks like a feature created for developers' overall convenience, but left behind when it should have been outright deleted as soon as possible, the device's administrative credentials can be easily retrieved by simple text message.

The discoverer of the security flaw, a German company called Securai, told us that the problem has a cross-site scripting (XSS) bug triggered by an SMS that attack a specific script.

The device then replies with the admin username, admin password, its SSID, and its login password.

Securai's Jan Hörsch said he discovered the security bug by analysing the modem's firmware. It's unlikely that the security vulnerability has been patched, since according to TP-Link's current firmware download page for the M-5350, the most-current version is M5350_V2_140115, released in January 2015.

Heise notes that Hörsch has also been busy with the other usual Internet-of-Things targets: a Panasonic BM ET-200 retina scanner whose web interface could bypass security by sending it crafted JavaScript, and a Startech modem with a hard-coded telnet password.

Those security flaws were revealed at last week's Kaspersky Security Analyst Summit. One more time, the Internet-of-Things looks more like the Insecurity-of-Things. We'll keep you in the loop.

Source: Securai LLC.

Sponsered ads:
Read the latest IT news. Visit ItDirection.net. Updated several times daily.

If you need reliability when it comes to SMTP servers, get the best, get Port 587.

Get a powerful Linux Dual-Core dedicated server for less than $2.67 a day!

Share on Twitter.


Home | Proxy Sentinel™ | Firewall Sentinel™ | FAQ | News | Sitemap | Contact
Copyright © Internet Security.ca    Terms of use    Privacy agreement    Legal disclaimer