RE365 Remote Code Execution Vulnerability

Security Advisory
Aktualisiert 09-29-2019 09:43:52 AM Number of views for this article55135

We at TP-Link have been made aware of the remote code execution (RCE) vulnerability reported by Grzegorz Wypych, a researcher for IBM X-Force.

 

This vulnerability can allow arbitrary command execution via a malformed user agent field in HTTP headers, only if an attacker is connected to the local network.

 

TP-Link has released new firmware for the affected models to eliminate this vulnerability. The updates can be downloaded directly from the official TP-Link websites:

 

RE350: https://www.tp-link.com/support/download/re350/#Firmware

RE365: https://www.tp-link.com/support/download/re365/#Firmware

RE500: https://www.tp-link.com/support/download/re500/#Firmware

RE650: https://www.tp-link.com/support/download/re650/#Firmware

 

If there is still any confusion regarding this vulnerability, please contact TP-Link through the support page on the official website at https://www.tp-link.com/support/.

Finden Sie diese FAQ hilfreich?

Mit Ihrer Rückmeldung tragen Sie dazu bei, dass wir unsere Webpräsenz verbessern.

Von United States?

Erhalten Sie Produkte, Events und Leistungen speziell für Ihre Region

Remove