In this article we report on a vulnerability that has been detected in TP-Link AC1750 routers and that puts the security of users at risk. It must be taken into account that the router is a fundamental piece for our connections and a problem of this type can be very dangerous in order to protect our equipment connected to the network.
Vulnerabilities in TP-Link AC1750 affect security
This vulnerability affects the sync server running on the TP-Link router. It allows an intruder to exploit it via LAN, without the need for authentication. The sync server does not respond to requests from the network, but does analyze some data written to memory shared by tdpServer .
By sending carefully selected data to tdpServer and the appropriate times, arbitrary code execution is achieved on the sync server and the attacker gains full control of the router with the highest level of privilege. This vulnerability has been registered as CVE-2021-27246 .
This security flaw was detected at Pwn2Own in Tokyo 2020 . Security researchers wanted to get a shell and set up a debugging environment. They created a series of tests to see how this vulnerability could be exploited and compromise the security of the TP-Link router.
Among the services listening over LAN, tdpServer was previously analyzed and exploited in Pwn2Own. This service can be accessed through UDP port 20002 , and uses a proprietary protocol called TDP.
In short, this service handles multiple types of TDP packets and parses the data sent in JSON format. Depending on the type and opcode, encryption may be required, either with an encrypted AES key or a fixed XOR.
The security researchers found that this security bug discovered last year was not resolved correctly and there was still the possibility of injecting code and blocking the response of the synchronization server.
The scripts created by security researchers are available on GitHub for anyone to test.
We must always update the firmware of the router
It is very important to keep in mind that we must correctly update the router’s firmware at all times. There are many occasions in which vulnerabilities like this one that we have seen can arise and that affects a TP-Link router. Of course, in this case, as we have seen, the brand has taken a year to properly correct this problem.
Our advice from this article is to always have the latest versions. Especially when it comes to network devices, it is necessary that we have all the available patches installed and prevent those failures from being exploited by third parties. Ultimately, the router is a very important part of our day to day life and there we connect a large number of devices that could be in danger.
In short, one more new failure that puts TP-Link users at risk. We have seen similar vulnerabilities that have affected this brand on other occasions, something that can compromise the security and privacy of users.
