RE365 Remote Code Execution Vulnerability

Security Advisory
Updated 09-29-2019 09:43:52 AM 11138

We at TP-Link have been made aware of the remote code execution (RCE) vulnerability reported by Grzegorz Wypych, a researcher for IBM X-Force.

 

This vulnerability can allow arbitrary command execution via a malformed user agent field in HTTP headers, only if an attacker is connected to the local network.

 

TP-Link has released new firmware for the affected models to eliminate this vulnerability. The updates can be downloaded directly from the official TP-Link websites:

 

RE350: https://www.tp-link.com/support/download/re350/#Firmware

RE365: https://www.tp-link.com/support/download/re365/#Firmware

RE500: https://www.tp-link.com/support/download/re500/#Firmware

RE650: https://www.tp-link.com/support/download/re650/#Firmware

 

If there is still any confusion regarding this vulnerability, please contact TP-Link through the support page on the official website at https://www.tp-link.com/support/.

AbonneerTP-Link hecht veel waarde aan privacy. Voor meer informatie over ons privacybeleid kan je onze Privacy Policy bekijken.

Krijg updates over nieuwe producten, samenwerkingen en ander interessant nieuws

From United States?

Get products, events and services for your region.