Critical Flaw Exposes TP-Link Wi-Fi Extenders to Remote Attacks
An unauthenticated attacker can exploit the vulnerability by sending a malformed HTTP request, which allows the attacker to execute arbitrary shell commands on the target Wi-Fi extender with root privileges.
IBM researchers discovered a serious zero-day vulnerability impacting TP-Link Wi-Fi Extenders. The vulnerability (CVE-2019-7406) could lead to remote code execution attacks and affects TP-Link Wi-Fi Extender models RE365, RE650, RE350 and RE500 running firmware version 1.0.2, build 20180213.
TP-Link has released firmware updates that fix this vulnerability, with a separate update for each affected Wi-Fi extender model.
CERT.be recommends that system administrators patch vulnerable devices after thorough testing.