Kitz Forum

Announcements => News Articles => Topic started by: Weaver on February 15, 2017, 12:56:15 AM

Title: Bad news concerning TP-Link routers’ critical security flaws
Post by: Weaver on February 15, 2017, 12:56:15 AM

see https://threatpost.com/updated-firmware-due-for-serious-tp-link-router-vulnerabilities/123702/

Title: Re: Bad news concerning TP-Link routers’ critical security flaws
Post by: Chunkers on February 15, 2017, 05:40:55 AM

In my opinion TP-Link support for firmware updates appears sadly lacking and a good reason to be cautious before buying their products, although the hardware is generally good value.

My TL-ER5120 (http://uk.tp-link.com/products/details/cat-4910_TL-ER5120.html) is a good unit and is still on sale but it has issues and bugs (DNS related in my case) and the last firmware update was February 2014!

For me, this is the whole thing that drove me to pfSense.  The manufacturers are focused on pumping out hardware, attracting new customers and not supporting existing ones.

Chunks

Title: Re: Bad news concerning TP-Link routers’ critical security flaws
Post by: Chrysalis on February 15, 2017, 08:49:51 AM

Yep and its even a thing now to rollout new hardware for the sake of rolling out a software feature.

Title: Re: Bad news concerning TP-Link routers’ critical security flaws
Post by: ejs on February 15, 2017, 03:06:16 PM

Spoilsport.

That "critical security vulnerability" is exactly the kind of thing I've been trying to do, to gain telnet access for getting DSL stats. It's quicker than having to upload a config file, so worth trying on other models, before it gets fixed of course. The "vulnerability" amounts to if you know the admin username and password, then with local network access to the device, you can get yourself proper shell access. You could consider it a way to unlock the device, rather than a vulnerability.

The open SNMP port in the iptables firewall configuration applies to a lot of models, the TD-W8970v1 and TD-W9980 being the models I've looked at.