Zero-day flaw leaves TP-Link routers open to remote attacks
- Two popular TP-Link router models contained a buffer overflow vulnerability.
- The flaw could enable unauthorized users to take control of the routers from a remote location.
TP-Link, a well-known manufacturer of networking products, was found to have a zero-day flaw in two of its router devices. The vulnerability was discovered by security researcher Grzegorz Wypych of IBM. As per the researcher’s findings, the flaw affected the discontinued models TL-WR940N and TL-WR941ND, both running firmware version 150312. As a result, the routers could be compromised by remote attacks.
The big picture
- A buffer overflow vulnerability caused by an unchecked strcpy call plagued the two router models.
- The function copied input data into a buffer whose size was not properly checked in the router’s console.
- Attackers could have relied on the flaw to take control of the routers from a remote location.
- Once it was publicly disclosed, TP-Link patched the flaw by releasing new firmware for these routers.
Wypych highlighted that the buffer overflow issue stemmed from the strcpy function. “What’s interesting about it is the strcpy function call, which is the start of the TP-Link httpd process control, the vulnerable binary. What we have here is a classic buffer overflow issue. The function copies the input it receives byte by byte and stores it in a buffer of a size that is not properly being handled. The data therefore exceeds the buffer’s boundaries,” the researcher wrote.
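The strcpy pattern the researcher describes, shown in miniature as an added example that is not TP-Link's code and not taken from the original report: a fixed-size buffer filled by strcpy without regard to its size, beside a hardened copy that checks the length first and refuses input that does not fit. The buffer size, function names and sample inputs are assumptions chosen for illustration only.

```c
#include <stdio.h>
#include <string.h>

/* Size of the fixed buffer a request parameter is copied into.
   Assumed value for illustration, not the router's actual buffer size. */
#define PARAM_BUF_SIZE 32

/* Length of src, scanning at most `limit` bytes, so an unterminated or
   very long input can never make the check itself read too far. */
static size_t bounded_len(const char *src, size_t limit)
{
    size_t n = 0;
    while (n < limit && src[n] != '\0')
        n++;
    return n;
}

/* Vulnerable pattern: strcpy copies byte by byte until it meets a NUL,
   never consulting the destination size. Any input longer than
   PARAM_BUF_SIZE - 1 bytes runs past the buffer and overwrites whatever
   lies beyond it. Kept only for comparison with the safe version below. */
void copy_param_unsafe(char *dst, const char *src)
{
    strcpy(dst, src);
}

/* Hardened form: measure the input against the destination size and reject
   (rather than silently truncate) anything that does not fit, so the caller
   can refuse the request. Returns 0 on success, -1 if the input is too long. */
int copy_param_safe(char *dst, size_t dst_size, const char *src)
{
    size_t len = bounded_len(src, dst_size);
    if (len >= dst_size)
        return -1;                 /* no room for the data plus terminator */
    memcpy(dst, src, len + 1);     /* copy including the NUL byte */
    return 0;
}

/* Reports whether strcpy of `src` into a buffer of `dst_size` bytes would
   write past its end. Useful as an explicit pre-check when auditing
   call sites that still use strcpy. */
int would_overflow(const char *src, size_t dst_size)
{
    return bounded_len(src, dst_size) >= dst_size;
}

int main(void)
{
    char buf[PARAM_BUF_SIZE];
    /* Constructed sample inputs: a normal parameter and an oversized one. */
    const char *ok_input = "admin";
    char long_input[128];
    memset(long_input, 'A', sizeof long_input - 1);
    long_input[sizeof long_input - 1] = '\0';

    if (copy_param_safe(buf, sizeof buf, ok_input) == 0)
        printf("accepted: %s\n", buf);
    if (copy_param_safe(buf, sizeof buf, long_input) != 0)
        printf("rejected: %zu-byte input exceeds %d-byte buffer\n",
               strlen(long_input), PARAM_BUF_SIZE);
    printf("strcpy of the long input would overflow: %d\n",
           would_overflow(long_input, sizeof buf));
    return 0;
}
```

The safe version deliberately rejects rather than truncates: silently cutting a parameter short can turn one bug into a different one (a mangled value that is then trusted), whereas a rejected request is easy to log and count, which also gives a defender a concrete signal that someone is sending oversized parameters to the management interface.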