Security problem statement for some TP-Link ADSL modem routers

We recently found a security problem in some TP-Link ADSL modem routers. You may also have seen this problem reported on other websites, such as http://thehackernews.com/2014/01/TP-Link-Routers-password-hacking.html# .

Here is the description of this security problem:

By visiting a special URL, hackers can download the backup file of some TP-Link ADSL modem routers, and this operation requires no authorization. Once they have the backup file, they can upload it to a special website to obtain the administrative password of the TP-Link modem router. Finally, they can use the administrative password to control the modem router remotely.

Here is our statement on this security problem:

We have confirmed this security problem, and we have also confirmed that it can only be exploited when you have enabled the remote access function on your TP-Link modem router. The latest universal firmware for all TP-Link modem routers disables the remote access function by default, so first check whether your modem router's firmware is the latest. You can download the latest firmware for TP-Link ADSL modem routers from http://www.tp-link.com/en/support/download/?pcid=203 .

If your modem router's firmware is already the latest, you don't need to worry about this security problem as long as you haven't manually enabled the remote access function on your modem router.

If you insist on using the remote access function on your modem router, then this security problem does exist and can be exploited by hackers.

We have therefore decided to release, as soon as possible, new official firmware for all related products that will solve this problem. After that, you can use the remote access function freely.

If you still have any questions about this security problem, please use the following link to send us an e-mail: http://www.tp-link.com/en/support/contact/ .


If you don’t know whether you have enabled the remote access function on your modem router, or you want to disable it now, please follow the guidance below.

Step 1

Log in to the management web page of your modem router and go to Access Management -> ACL.

Step 2

By default, the configuration should look like the following picture (the value of the Interface parameter is LAN). Just make sure your modem router’s configuration is exactly the same.

Step 3

If you don’t know how to configure ACL on your modem router, please see http://www.tp-link.com/en/article/?faqid=476 .

After these steps, the remote access function of your modem router will be disabled. Hackers will then be unable to download your modem router’s backup file without authorization, and your modem router will be secure.

This Article Applies to:
User Application Requirement | Updated 03-26-2015 08:44:00 AM