RE365 Remote Code Execution Vulnerability
We at TP-Link have been made aware of the remote code execution (RCE) vulnerability reported by Grzegorz Wypych, a researcher for IBM X-Force.
This vulnerability can allow arbitrary command execution via a malformed user agent field in HTTP headers, only if an attacker is connected to the local network.
TP-Link has released new firmware for the affected models to eliminate this vulnerability. The updates can be downloaded directly from the official TP-Link websites:
If there is still any confusion regarding this vulnerability, please contact TP-Link through the support page on the official website at https://www.tp-link.com/support/.
Your feedback helps improve this site.