HKCert
  

TP-Link Router Multiple Vulnerabilities

Release Date: 11 / 06 / 2019
Last Update: 11 / 06 / 2019
Criticality Level:  


Multiple vulnerabilities were identified in TP-Link Router, a remote authenticated attacker could exploit some of these vulnerabilities to trigger elevation of privilege, denial of service, remote code execution and sensitive information disclosure on the targeted system.

  • Denial of Service
  • Elevation of Privilege
  • Remote Code Execution
  • Information Disclosure
  • TP-Link TL-WR940N
  • TP-Link TL-WR941ND

Notes: No patch is currently available.


Workaround:
1. Disable WAN access to administrative web interface; or only allow access from trusted IP addresses. 

2. Only allow trusted MAC address access administrative web interface in LAN.