Year:
--  
Mar.2014
29

TP-Link Develops Firmware Updates to Mitigate Malicious Attacks in Select Routers

(Shenzhen, China) –– TP-Link, a global provider of networking products, today announced that the company had, as of March 11, updated the firmware for all of its mainstream router models to prevent malicious attacks from hackers.

 

Following the release of a white paper from Team Cymru, which detailed several threats that could make home networking products, including TP-Link devices, vulnerable to hackers, TP-Link updated the firmware on all of its mainstream home routers. The company’s ADSL router models will be updated within the week. Team Cymru is a specialized Internet security research firm and 501(c)3 non-profit organization dedicated to making the Internet more secure.

 

There currently exist two vulnerabilities to TP-Link devices:

 

1. Wireless router and ADSL router CSRF vulnerabilities. An attacker uses this vulnerability to alter the router’s DNS server after the customer clicks a forged hyperlink or picture. This vulnerability uses the login information stored in the browser. There is no need to log into the router’s administration page when using this vulnerability.   

 

2. The second threat was found in ADSL routers using an MTK chipset solution, which has a security flaw allowing an attacker to remotely download the router’s configuration file without authentication if the remote management of the router is enabled. The attacker randomly scans an IP address pool and tries to download the configuration file using a specific link. After obtaining the file, the username and password can be extracted. The attackers can then remotely log into the router and change the DNS settings or even the login credentials.

 

TP-Link strongly advises that all customers upgrade their hardware’s firmware immediately by downloading the latest upgrade of their respective device’s product page on the TP-Link corporate website. Instructions for updating a TP-Link router are available here. For additional security, the company has a list of solutions that effectively prevent hackers from accessing these devices, available here.

 

TP-Link has expressed gratitude to the researchers for bringing this issue and issues such as this to light, allowing the company to more quickly and efficiently correct the issue than would otherwise be possible. The company says that it is committed to providing end users with the safest networking experiences possible and will continue to improve device security and their response to security issues such as this as they become apparent. 

 

###

 

About TP-Link

 

TP-Link is a global provider of SOHO and SMB networking products and is the World's No.1 provider of WLAN and Broadband CPE devices. Our products are available in over 120 countries to tens of millions customers. Committed to intensive R&D, efficient production and strict quality management, TP-Link continues to provide award-winning networking products in Wireless, ADSL, Routers, Switches, IP Cameras, Powerline Adapters, Print Servers, Media Converters and Network Adapters for Global end-users.

 

Visit us at http://www.tp-link.com/en/

 

Media Contact:

 

Daniel Beach
Global Communications Manager
dan.beach@tp-link.com
+86 (755) 2153 4103 (China)

 

TP-Link Technologies Co., Ltd.
Keyuan Road, Building 5
Central Science & Technology Park, Nanshan, Shenzhen, China
518057

 

For review units and queries on availability in your region, please contact pr@tp-link.com with your credentials.