TP-Link, a well-known manufacturer of networking products, was found to have a zero-day flaw in two of its router devices. The vulnerability was discovered by security researcher Grzegorz Wypych of IBM. As per the researcher’s findings, the flaw affected discontinued models TL-WR940N and TL-WR941ND from both running the firmware version 150312. The routers could be compromised with remote attacks as a result.
The big picture
Wypych highlighted that the buffer overflow issue stemmed from the strcpy function. “What’s interesting about it is the strcpy function call, which is the start of the TP-Link httpd process control, the vulnerable binary. What we have here is a classic buffer overflow issue. The function copies the input it receives byte by byte and stores it in a buffer of a size that is not properly being handled. The data therefore exceeds the buffer’s boundaries,” the researcher wrote.