Title: [CVE-2017-13772] TPLink TLWR740N Remote Code Execution
Blog URL: https://www.fidusinfosec.com/a-curious-case-of-code-reuse-tplink-cve-2017-13772-v2/
Vendor: TP-Link
Date Published: 26/04/2018
CVE: CVE-2017-13772
** Vulnerability Summary

A remote code execution vulnerability was identified in TP-Link's WR740N home WiFi router. Valid credentials are required for this attack path. It is possible for an authenticated attacker to obtain a remote shell with root privileges. This vulnerability is a clone of CVE-2017-13772, reported by the Fidus team last year. There are currently >180,000 affected devices searchable on Shodan.

** Vendor Response

The vendor response has been lacking, and a patch has still not been released after 3 months.

** Report Timeline

25/1/18 – Initial contact with description of issue, contact with [email protected]
26/1/18 – Reply from TP-Link asking for more details; sent them the details for CVE-2017-13772 (wr940n model).
1/2/18 – TP-Link inform us they are looking into the issue.
15/2/18 – Request from us for an update.
30/2/18 – Request from us for an update.
26/3/18 – Another request for an update, warning of public disclosure sent.
28/3/18 – Reply from [email protected], informing us they are releasing a patch in the “recent days”.
29/3/18 – [email protected] send us beta firmware to fix the issue.
29/3/18 – Sent a reply to [email protected] to confirm the issue is fixed.
9/4/18 – Request for an estimate of when the firmware goes live.
18/4/18 – Another request, another warning of public disclosure sent.
26/4/18 – No reply received, public disclosure of vulnerability.

** Credit

This vulnerability was discovered by Tim Carrington @__invictus_, part of the Fidus Information Security research team.
** References

https://www.fidusinfosec.com/a-curious-case-of-code-reuse-tplink-cve-2017-13772-v2/
https://www.fidusinfosec.com/remote-code-execution-cve-2018-5767/

** Disclaimer

This advisory is licensed under a Creative Commons Attribution Non-Commercial Share-Alike 3.0 License: http://creativecommons.org/licenses/by-nc-sa/3.0/

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
