Pierluigi Paganini May 16, 2023
China-linked APT Mustang Panda targets TP-Link routers with a custom firmware implant

China-linked APT group Mustang Panda employed a custom firmware implant targeting TP-Link routers in targeted attacks since January 2023. Since January 2023, Check Point Research monitored a series of targeted attacks aimed at European foreign affairs entities that have been linked to the China-linked cyberespionage group Mustang Panda (aka Camaro Dragon, RedDelta or “Bronze President). MustangPanda […]

Pierluigi Paganini December 09, 2021
Dark Mirai botnet spreads targeting RCE on TP-Link routers

A botnet tracked as Dark Mirai spreads by exploiting a new vulnerability affecting TP-Link TL-WR840N EU V5 home routers. Dark Mirai botnet spreads by exploiting a new vulnerability, tracked as CVE-2021-41653, affecting TP-Link TL-WR840N EU V5 home routers. “The PING function on the TP-Link TL-WR840N EU v5 router with firmware through TL-WR840N(EU)_V5_171211 is vulnerable to […]

Pierluigi Paganini November 26, 2021
Exclusive: Resecurity discovered 0-day vulnerability in TP-Link Wi-Fi 6 devices

Resecurity researchers found a zero-day vulnerability in the TP-Link enterprise device with model number TL-XVR1800L. Resecurity, a Los Angeles-based cybersecurity company has identified an active a zero-day vulnerability in the TP-Link device with model number TL-XVR1800L (Enterprise AX1800 Dual Band Gigabit Wi-Fi 6 Wireless VPN Router), which is primarily suited to enterprises. The identified vulnerability […]

Pierluigi Paganini December 17, 2019
TP-Link Archer routers allow remote takeover without passwords

TP-Link has addressed a critical vulnerability impacting some TP-Link Archer routers that could allow attackers to login without passwords. TP-Link addressed a critical zero-day vulnerability (CVE-2017-7405) in its TP-Link Archer routers that could be exploited by attackers to remotely take their control over LAN via a Telnet connection without authentication. “This is a zero-day flaw that was […]

Pierluigi Paganini June 18, 2019
Expert found a critical RCE zero-day in TP-Link Wi-Fi Extenders

A zero-day vulnerability affects multiple models of TP-Link Wi-Fi extenders, it could be exploited to remotely execute code. Security expert Grzegorz Wypych from IBM X-Force found a zero-day flaw that affects multiple models of TP-Link Wi-Fi extenders. The Wi-Fi extenders capture the Wi-Fi signal from the main network device and rebroadcast it to areas where […]

Pierluigi Paganini November 20, 2018
TP-Link fixes 2 Remote Code Execution flaws in TL-R600VPN SOHO Router and other issues

TP-Link has addressed several vulnerabilities, including a remote code execution flaw, in its TL-R600VPN small and home office (SOHO) router. TP-Link as fixed four security vulnerabilities in the TL-R600VPN small and home office (SOHO) router that were reported by experts at Cisco Talos. The vulnerabilities are two remote code execution (RCE) flaws(CVE-2018-3950, CVE-2018-3951), a denial-of-service issue (CVE-2018-3948), and a server information disclosure bug (CVE-2018-394). The DOS and server information […]

Pierluigi Paganini March 04, 2014
SOHO pharming attack hit more that 300,000 devices worldwide

Researchers at Team Cymru published a detailed report on a large scale SOHO pharming attack that hit more that 300,000 devices worldwide. Another mass compromise of small office/home office (SOHO) wireless routers has been uncovered by researchers from security firm Team Cymru. The hackers adopted different techniques to exploit the numerous flaws discovered in the last months […]