Multiple Remote TP-Link TL-R600VPN Router Vulnerabilities Patched

[silversurfer]

TP-Link TL-R600VPN routers with HWv3 FRNv1.3.0 and HWv2 FRNv1.2.3 were found to contain multiple remotely exploitable remote code execution (RCE), denial-of-service (DoS), and information disclosure security issues as disclosed by Cisco Talos' Jared Rittle.

Luckily, the remote code execution vulnerabilities discovered in the TP-Link TL-R600VPN 'SafeStream Gigabit Broadband VPN Router' require the remote attackers to be authenticated which decreases the seriousness of these security issues.

However, according to the Cisco Talos researcher, the exploit code "could be executed with root privileges" because the arbitrary code execution is performed under the security privileges of the HTTPD process which is always running as root.

Source: https://news.softpedia.com/news/multiple...3857.shtml