Fix for vulnerabilities of TL-WR740N & TL-WR940N

Security Advisory
Updated 09-29-2019 09:42:04 AM

TP-Link is aware of a security flaw in the TL-WR740N & TL-WR940N router.

Upon receiving feedback of a possible security issue, we began investigations at once. Through extensive testing, we identified a buffer-overflow security problem in the existing firmware. By exploiting this security flaw, it’s possible an attacker may have the opportunity to launch a remote code execution aimed at the customer’s device.

To exploit this security flaw, an attacker must know the username and password of the administrator account in advance. If an attacker does not know the account information, this security flaw cannot be exploited and the device is safe.

In a fast response, TP-Link has been optimizing and releasing updates to the affected firmware to eliminate this vulnerability. Firmware updates have already been provided for TL-WR940N and TL-WR740N (model no longer produced) and sent out to the complainant within a week. Users can download the updates directly from the product support pages on the official TP-Link website.

As ever, we strongly recommend that customers set strong passwords that use a combination of letters and numbers, and that the remote login function is disabled unless needed in order to strengthen the security of your device.

TP-Link is committed to serving customers while maintaining the highest levels of security. We will continue to prioritize the needs of our customers moving forward.

For further questions or concerns, please contact TP-Link through the support page on our official website: https://www.tp-link.com/support/.