Customers Can't Trust Vendors to Act Responsibly

A back door has been discovered in theTP-Link TL-WDR4300 dual band WiFi router. This is a popular SOHO class router with a major problem that the vendor seems to be ignoring. Sekurak, a Polish Security group, reportedly reached out to TP-Link several times (out of a professional courtesy that shows a responsible blend of full disclosure and caution), but received no reply.

  • 12.02.2013 – TP-Link e-mailed with details – no response
  • 22.02.2013 – TP-Link again e-mailed with details – no response
  • 12.03.2013 – public disclosure
  • 14.03.2013 – UPDATE: contact from TP-Link Poland. They asked for some more detailed information. Additional PoC sent.
  • 15.03.2013 – UDPATE: confirmation of the issue (it is WAN exploitable if http admin is available from WAN side)

These routers remain vulnerable and exploitable - but they still "work". The bottom line is that without at least an Essential Vulnerability Scan, the companies using this device will have no idea they are at risk until a breach occurs. That's no way to run a business. CyberCede offers an affordable "Essential Vulnerability Scan" for SOHO Customers. Call us today to see if you qualify, and schedule your scan: (315) 497 - SCAN. You can find out more about this TP-Link TL-WDR4300 dual band WiFi router from Sekurak, first hand.