Critical vulnerability in TP-Link Wi-Fi extenders could allow attackers to take complete control over it

• The vulnerability in the TP-Link RE365 Wi-Fi extender version 1.0.2 build 20180213 impacts RE650, RE350, and RE500 devices.
• TP-Link has released firmware updates to each of the affected devices to patch the vulnerability.

A security researcher from IBM X-Force, Grzegorz Wypych has uncovered a critical remote code execution vulnerability in the TP-Link Wi-Fi RE365 extender that could allow an attacker to take complete control over the device.

What is the vulnerability?

The vulnerability tracked as CVE-2019-7406 could allow a remote attacker to perform arbitrary command execution via specially crafted user agent fields in HTTP headers. This allows an attacker to take complete control of the device with administrative privileges.

This vulnerability could affect both home users and corporate users, allowing an attacker to send any kind of request to the extender such as requesting the device to browse to a botnet command-and-control (C&C) server or an infection zone.

“The thought of a Mirai infection on internet of things (IoT) devices is, of course, one of the first things that comes to mind, where automated scripts could potentially run as root on this type of device if the vulnerability is exploited,” the researcher said.

What are the affected products?

The vulnerability in the TP-Link RE365 Wi-Fi extender version 1.0.2 build 20180213 impacts RE650, RE350, and RE500 devices.

TP-Link has released firmware updates to each of the affected devices to patch the vulnerability.