TP-Link's SR20 Smart Home Router Discovered To Come With a Vulnerability As Per Google Security Researcher

TP-Link's SR20 Smart Home Router is recently discovered to come with a vulnerability allowing arbitrary command execution from a local network connection as per a Google security researcher Matthew Garrett. The router, launched in 2016, uncovered various commands that come with root privileges and do not even require validation.

The endeavor was uncovered by the researcher after he was unable to request a reaction from TP-Link, and even published a proof-of-concept to exhibit the said weakness.

Garrett took to twitter to clarify that the TP Link SR20 Smart Home Router accompanying TDDP (TP- Device Debug Protocol), which is influenced with a few vulnerabilities, and one of them is that version 1 commands are 'exposed' for attackers to exploit.

He says that these uncovered directions enable aggressors to send an order containing a filename, a semicolon, to execute the procedure.

 “This connects back to the machine that sent the command and attempts to download a file via TFTP (Trivial File Transfer Protocol) corresponding to the filename it sent. The main TDDP process waits up to four seconds for the file to appear - once it does, it loads the file into a Lua interpreter it initialized earlier, and calls the function config_test() with the name of the config file and the remote address as arguments. Since config_test () is provided by the file that was downloaded from the remote machine, this gives arbitrary code execution in the interpreter, which includes the os.execute method which just runs commands on the host. Since TDDP is running as root, you get arbitrary command execution as root,” he explains on his blog.

In spite of the fact that Garrett says he reported to TP-Link of this vulnerability in December, by means of its security disclosure form, the page disclosed to him that he would get a reaction within three days, however hasn't heard back from them till date. He additionally said that he tweeted at TP-Link with respect to the issue, yet that gathered no reaction either.

Category: / /

Share this with Your friends: