TP Link Router Vulnerable to Critical Bug for a Year, Fix Made Readily Available: Report

The bug was discovered last year, but the patch was unavailable on the company site.

By Tasneem Akolawala | Updated: 23 May 2019 14:22 IST

TP Link Router Vulnerable to Critical Bug for a Year, Fix Made Readily Available: Report

TP-Link WR740N router security patch is now live

Highlights

TP-Link hadn’t published firmware fix for a critical bug in WR740N router
It published the patch after TechCrunch reached out
t says the update was available when customers requested via support

made no attempt to make its users aware about the critical bug, or relay the methods to prevent an unforeseen breach. A new report details on TP-Links lapse of efficiency, and says that the bug allows an unethical hacker to gain full access to an affected router.

TechCrunch reports that TP-Link WR740N router has a critical vulnerability since 2017, and a patch was quickly made available. But when the patch was recently searched for, it wasn't available on the company's firmware page. The publication reached out to TP-Link, and the company said that the "update was currently available when requested from tech support" only. Soon after, the company updated its firmware page to include the latest security patch.

The vulnerability was first discovered by founder of UK cybersecurity firm Fidus Information Security, Andrew Mabbit. He made TP-Link aware of the issue in October 2017 in its WRN940N router, which the company quickly issued a patch for. In 2018, the same bug was found in the TP-Link WR740N router, and the patch was also released for that router as well. However, the patch was not live for the WR740N router until the publication reached out and made TP-Link aware about it.

The fix for both the routers is now live on the company website. TP-Link says that it has discontinued the WR740N routers, but Shodan and Binary Edge search engines reportedly suggest that somewhere between 129,000 and 149,000 devices are on the Internet, however vulnerable device numbers will be low. In any case, TP-Link should be more proactive in alerting customers of the vulnerability and asking them to install the patch, rather than waiting for the customer to contact support.

Comments

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.