Full Disclosure mailing list archives
[RCE] TP-Link Remote Code Execution CVE-2017-13772 v2 - >180, 000 affected devices
From: Andrew Mabbitt <andrew () fidusinfosec com>
Date: Thu, 26 Apr 2018 15:32:43 +0100
Title: [CVE-2017-13772] TPLink TLWR740N Remote Code Execution Blog URL: https://www.fidusinfosec.com/a-curious-case-of-code-reuse-tplink-cve-2017-13772-v2/ Vendor: TP-Link Date Published: 26/04/2018 CVE: CVE-2017-13772 ** Vulnerability Summary A remote code execution vulnerability was identified in TP-Link's WR740N home WiFi router. Valid credentials are required for this attack path. It is possible for an authenticated attacker to obtain a remote shell with root privileges. This vulnerability of a clone of CVE-2017-13772 reported by the Fidus team last year. There are currently >180,000 affected devices searchable on Shodan. ** Vendor Response The vendor response has been lacking and a patch has still not been released after 3 months. ** Report Timeline 25/1/18 – Initial contact with description of issue, contact with security () tp-link com 26/1/18 – Reply from TP-Link asking for more details, sent them the details for CVE-2017-13772 (wr940n model). 1/2/18 – TP_Link inform us they are looking into the issue. 15/2/18 – Request from us for an update. 30/2/18 – Request from us for an update. 26/3/18 – Another request for an update, warning of public disclosure sent. 28/3/18 – Reply from security () tp-link com, inform us they are releasing a patch in the “recent days”. 29/3/18 – security () tp-link com send us beta firmware to fix the issue. 29/3/18 – Sent a reply to security () tp-link com to confirm the issue fixed. 9/4/18 – Request for an estimate for when the firmware goes live. 18/4/18 – Another request, another warning of public disclosure sent. 26/4/18 – No reply received, public disclosure of vulnerability. ** Credit This vulnerability was discovered by Tim Carrington @__invictus_, part of the Fidus Information Security research team. ** References https://www.fidusinfosec.com/a-curious-case-of-code-reuse-tplink-cve-2017-13772-v2/ <https://www.fidusinfosec.com/remote-code-execution-cve-2018-5767/> ** Disclaimer This advisory is licensed under a Creative Commons Attribution Non-Commercial Share-Alike 3.0 License: http://creativecommons.org/licenses/by-nc-sa/3.0/ _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Current thread:
- [RCE] TP-Link Remote Code Execution CVE-2017-13772 v2 - >180, 000 affected devices Andrew Mabbitt (Apr 27)