TP-Link: malicious code smuggling through security gaps in routers


Security researchers from Vietnam have discovered a critical bug in TP-Link’s TL-WR841N wireless router that allows code execution on the device.

There is a security hole in the administration interface of the inexpensive TL-WR841N WLAN router that allows attackers to execute their own code. Researchers at the Vietnamese telecommunications company Viettel have found a bug that an authenticated attacker could use to install backdoors or worms on the devices. TP-Link has provided firmware updates.

With a buffer overflow in the web GUI (CVE-2022-30024, CVSS score 8.8, risk “high”), authenticated users can plant a backdoor on the TP-Link TL-WR841N. The attack targets a parameter-processing error in the web-based ping tool that TP-Link built into the router firmware for troubleshooting: given an overly long host address, an internal buffer overflows and, with a few tricks, arbitrary code can be executed, for instance a shell.
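The class of bug described above, as an added illustration that is not TP-Link's firmware code: a ping handler copying the user-supplied host parameter into a fixed-size buffer without a length check, next to a hardened version that bounds and validates the input. The function names, the 64-byte buffer size and the accepted character set are assumptions chosen for the example.

```c
#include <stdio.h>
#include <string.h>
#include <ctype.h>

/* Assumed buffer size for the example; the real firmware's value is not
 * given in the report. */
#define HOST_MAX 64

/* Flawed pattern: the length of the host parameter is never checked, so a
 * host longer than HOST_MAX-1 bytes writes past the end of the stack buffer.
 * Shown for contrast only; not called with long input anywhere here. */
void ping_host_unchecked(const char *host) {
    char buf[HOST_MAX];
    strcpy(buf, host);          /* unbounded copy: the overflow */
    /* ... firmware would build and run the ping command from buf here ... */
}

/* Hardened form: accept only a bounded, plausibly valid hostname or IPv4
 * literal and copy it into a caller-supplied buffer.
 * Returns 0 on success, -1 if the input is rejected. */
int ping_host_checked(const char *host, char *out, size_t outlen) {
    size_t n = 0;
    while (n < HOST_MAX && host[n] != '\0')   /* bounded length scan */
        n++;
    if (n == 0 || n == HOST_MAX || n >= outlen)
        return -1;              /* empty, too long, or would not fit */
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)host[i];
        /* letters, digits, '-' and '.' only: rejects shell metacharacters
         * and anything that is not a plausible host address */
        if (!(isalnum(c) || c == '-' || c == '.'))
            return -1;
    }
    if (host[0] == '-' || host[0] == '.' || host[n - 1] == '-' || host[n - 1] == '.')
        return -1;              /* malformed leading/trailing label character */
    memcpy(out, host, n + 1);   /* bounded copy, includes the terminator */
    return 0;
}

int main(void) {
    char target[HOST_MAX];
    /* constructed sample inputs */
    const char *inputs[] = {"192.168.0.1", "router.example.com", "a;reboot"};
    for (size_t i = 0; i < 3; i++)
        printf("%-20s -> %s\n", inputs[i],
               ping_host_checked(inputs[i], target, sizeof target) == 0
                   ? "accepted" : "rejected");
    return 0;
}
```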

Since the attack can only be performed by a user logged into the web interface, a remote exploit would need to meet some additional conditions. However, it is conceivable that resourceful botnet operators will use it in conjunction with other attacks to expand their IoT army.

In the past, operators of botnets such as Cyclops Blink have exploited such vulnerabilities in routers from several manufacturers. There, the cybergangs initially targeted WatchGuard firewalls, only to later abuse security gaps in Asus routers.

Viettel’s researchers present details of the vulnerability and the exploit in a security report. According to it, hardware revisions V12 and older are affected. However, TP-Link has so far only fixed the error for revision V12, providing firmware version V12_220802. Owners of older devices are left empty-handed.