TP-Link SR20 Router Vulnerability Disclosed by Google Researcher After No Response From Company (2019)
According to Google security researcher Matthew Garrett, TP-Link's SR20 smart home router has a weakness that allows arbitrary command execution from local network connections.
After receiving no response from TP-Link, the researcher disclosed the vulnerability and published a proof-of-concept for it.
The router, which was launched in 2016, exposes several commands that run with root privileges and do not require authentication. The proof-of-concept was published after the 90-day disclosure deadline had passed.
On Twitter, the researcher said that the TP-Link SR20 smart home router runs TDDP (TP-Link Device Debug Protocol), which is affected by several weaknesses, one of which is that its version 1 commands are exposed to attackers.
He said that these exposed commands allow an attacker to send a command containing a file name followed by a semicolon, which starts the following process. “
The router then connects back to the machine that sent the command and attempts to download a file via TFTP (Trivial File Transfer Protocol) matching the file name sent to it.
The main TDDP process waits for up to four seconds for the file to appear; once it does, it loads the file into a Lua interpreter and calls config_test() with the name of the configuration file and the remote address.
Since config_test() is provided by the file downloaded from the remote machine, this gives arbitrary code execution in the interpreter, which includes the os.execute method that simply runs commands on the host. Since TDDP is running as root, you get arbitrary command execution as root,” he explained in his blog post.
• The Google researcher told TP-Link about this issue in December
• He did not receive any feedback from the company, and his tweets were ignored
• He then released the TP-Link SR20 router vulnerability online
This process allows for the complete takeover of the SR20 router. Garrett said he reported the weakness to TP-Link in December through its security disclosure form. The page told him that a response would be made within three days, but he has not heard back so far. He said that he also tweeted at TP-Link about the matter, but there was no response.
He concluded with advice for the company: “Do not default to running debug daemons in production firmware”, and “If you have a security disclosure form, read it.”
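The TFTP callback described in the quote above leaves a recognisable pattern on the local network. The following Python is an added example, not code from Garrett or TP-Link: it correlates flow records to flag a router-originated TFTP request that reaches a LAN host within four seconds of that host sending a datagram to the debug daemon. The router address, the flow record layout and the daemon's UDP port (1040) are assumptions that the article does not state.

```python
from dataclasses import dataclass

ROUTER = "192.168.0.1"   # constructed: router's LAN address
TDDP_PORT = 1040         # assumption: UDP port of the debug daemon (not given in the article)
TFTP_PORT = 69           # standard TFTP port
WINDOW = 4.0             # seconds the daemon waits for the file, per the article


@dataclass(frozen=True)
class Flow:
    ts: float            # seconds since capture start
    src: str
    dst: str
    dport: int
    proto: str = "udp"


def find_callbacks(flows, router=ROUTER, window=WINDOW):
    """Return (client, trigger_ts, tftp_ts) for every TFTP request the router
    sends to a LAN host within `window` seconds of that host contacting the
    debug daemon."""
    pending = {}         # client IP -> time of its latest datagram to the daemon
    hits = []
    for f in sorted(flows, key=lambda f: f.ts):
        if f.proto != "udp":
            continue
        if f.dst == router and f.dport == TDDP_PORT:
            pending[f.src] = f.ts
        elif f.src == router and f.dport == TFTP_PORT:
            start = pending.get(f.dst)
            if start is not None and 0 <= f.ts - start <= window:
                hits.append((f.dst, start, f.ts))
                del pending[f.dst]
    return hits


SAMPLE = [               # constructed flow records, not captured traffic
    Flow(10.0, "192.168.0.50", ROUTER, TDDP_PORT),
    Flow(10.3, ROUTER, "192.168.0.50", TFTP_PORT),   # callback inside the window
    Flow(20.0, "192.168.0.60", ROUTER, TDDP_PORT),
    Flow(29.0, ROUTER, "192.168.0.60", TFTP_PORT),   # outside the window
    Flow(30.0, ROUTER, "192.168.0.70", TFTP_PORT),   # no preceding daemon traffic
    Flow(40.0, "192.168.0.50", ROUTER, 53),          # DNS to the router, ignored
]

if __name__ == "__main__":
    for client, t0, t1 in find_callbacks(SAMPLE):
        print(f"router fetched via TFTP from {client} {t1 - t0:.1f}s after debug request")
```

A home router has little reason to act as a TFTP client towards LAN hosts, so the uncorrelated request to 192.168.0.70 in the sample is also worth a separate look.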