Initiatives for
As the national authority for Cybersecurity the CCB has developed several initiatives for specific publics which are presented here.
Critical Flaw Exposes TP-Link Wi-Fi Extenders to Remote Attacks
Image
Published : 20/06/2019
Reference:
Advisory #2019-017
Version:
1.0
Affected software:
TP-Link Wi-Fi extenders RE350(EU)_V1_190516
TP-Link Wi-Fi extenders RE365(EU)_V1_190528
TP-Link Wi-Fi extenders RE500 (EU)_V1_190521
TP-Link Wi-Fi extenders RE650(EU)_V1_190521
Type:
Remote Code Execution
CVE/CVSS:
CVE-2019-7406
Sources
https://www.securityweek.com/critical-flaw-exposes-tp-link-wi-fi-extenders-remote-attacks
Risks
An unauthenticated attacker can exploit the vulnerability by triggering a malformed http request allowing the attacker to execute arbitrary shell commands on the target Wi-Fi extender with root privileges.
Description
IBM researchers discovered a serious zero-day vulnerability, impacting TP-Link Wi-Fi Extenders. The vulnerability (CVE-2019-7406) could lead to remote code execution attacks and affects TP-Link Wi-Fi Extender models RE365, RE650, RE350 and RE500 running firmware version 1.0.2, build 20180213.
TP-Link has released a firmware update to fix this vulnerability and has released a separate update for each affected model’s Wi-Fi extender
Recommended Actions
CERT.be recommends systems administrators to patch vulnerable devices after thorough testing.