Critical Vulnerability in TP-Link most sold router TP-Link TL-WR841

The well-known manufacturer TP-Link once again suffers from a new security vulnerability, in this case the affected one is one of its best-selling routers. The affected model is the popular TP-Link TL-WR841 with different hardware versions, and it is that a security researcher has discovered a serious vulnerability that would allow an external attacker to be able to execute random commands, that is, gain total control of the router. 

What is this vulnerability?

The vulnerability consists of a “buffer overflow”, that is, buffer overflow. The affected component is the httpd service of the TP-Link TL-WR841N V12, although the router versions V11 and V10 are also affected, later we will detail all the affected models as well as the affected firmware versions. This security flaw discovered by a security researcher allows an authenticated remote attacker to execute arbitrary code via an HTTP GET request to the Wi-Fi network tools page, i.e. the “System Tools” menu of the firmware of the device. router.

This security flaw has a high criticality of 8.8/10, it has been assigned an identifier CVE-2022-30024 where you can see all the details of this vulnerability in TP-Link routers.

Models affected by the bug

Manufacturers like TP-Link tend to add different hardware components to their routers, changing the hardware version of the equipment, without having to change the model name. In this case, the models vulnerable to this security flaw are the following:

  • TL-WR841 V12
  • TL-WR841 V11
  • TL-WR841 V10

If you have this TL-WR841 model and it matches the hardware version, you will have to check the firmware version that you are currently using. If you are using the following firmware versions, you are affected by this flaw:

  • TL-WR841N(EU)_V12_160624
  • TL-WR841N(EU)_V11_160325
  • TL-WR841N_V11_150616
  • TL-WR841N_V10_150310

Other vulnerability in TL-WR940N router

Manufacturer also has suffered from a major vulnerability in the TL-WR940N router, another top seller for home users who need a simple router and also for WISP operators. In this case, the security flaw  would allow arbitrary code to be executed by a user connected via cable or WiFi, that is, anyone connected to the router could execute code in the router, in addition, it is not necessary to authenticate on the router to do it.

The problem is due to improper validation of the length of the user-supplied data before copying it into a stack-type fixed-length buffer, an attacker could execute any type of code in this scenario. The firmware version affected by this serious security flaw is TP-Link TL-WR940N 3.20.1 Build 200316, so if you have this version or lower, update your router as soon as possible to avoid security problems.