NEW DELHI: When vulnerabilities in widely used software and devices arise, the Indian Computer Emergency Response Team (CERT-In) is quick to disclose them. Examples of these products and software include Google Chrome, Mozilla, Apple, and Windows.
But today, CERT-In, a central government agency under the Ministry of Electronics and Information Technology has brought attention to a problem that is both important and easily disregarded. TP-Link routers have been determined to have a security issue.
According to CERT-In, the vulnerability can enable a remote attacker with logged-in access to execute unauthorised code on the compromised machine with elevated privileges.
It is to be noted that Wi-Fi routers act as gateways between one's internet connection and devices, allowing wireless access and thus security flaws could grant unauthorised access to attackers who exploit it.
According to the CERT-In website, “vulnerability has been reported in TP-Link routers which could be exploited by a remote authenticated attacker to execute arbitrary code with elevated privileges on the target system”.
It further warned that “This vulnerability exists in TP-Link routers due to improper neutralisation of special elements used in a binary called rftest. This binary exposes a network service that is vulnerable to unauthenticated command injection” while stating that the vulnerability specifically affects TP-Link Archer versions prior to C5400X(EU)_V1_1.1.7 Build 20240510.
According to the cybersecurity organisation, if this security hole is effectively exploited, it might allow an unauthorised attacker with high-level access to execute unauthorised instructions on the targeted machine from a distance without logging in.
A remote, unauthenticated attacker may be able to run arbitrary code on the targeted system with elevated privileges if this vulnerability is successfully exploited, according to CERT-In.
Although patching the TP-Link software is advised by CERT-In, users can take further precautions to fortify their WiFi networks and safeguard themselves against possible security risks.
ALSO READ: Government asks telecom providers to block incoming international spoofed calls
ALSO WATCH: