This top TP-Link router ships with some serious security flaws
Best-selling router ships with outdated and vulnerable firmware
When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.
Upgrading yourwireless routerwith a new model fromAmazonis certainly a good idea if you’reworking from homebut new research fromCyberNewshas revealed that one of the most popular routers from TP-Link frequently featured on the ecommerce giant’s store ships with vulnerable firmware.
Shenzhen-basedTP-Linkis the world’s number one manufacturer of consumer WiFi networking products with yearly sales of 150m devices and a 42 percent share of the global consumer WLAN market. The company’s routers are also often awarded “Amazon’s Choice” badges in the “WiFi router” category on Amazon.
The TP-Link AC1200 Archer C50 (v6) is the best-selling “Amazon’s Choice” Wi-Fi router in the UK and is mainly sold within the European market though another version is also available on Amazon’s online store in the US.
During its investigation into this router,CyberNewsfound numerous flaws within its default firmware as well as its web interface. For this reason, the news outlet recommends that allTP-Link AC1200 Archer C50 (v6)owners upgrade their devices to the latest firmware as soon as possible.
Known flaws in default firmware
According toCyberNews, the TP-Link AC1200 Archer C50 (v6) ships with outdated firmware that is vulnerable to dozens of known security flaws.WPSis also enabled by default on the device which could allow an attacker to brute-force the router while its admin credentials and configuration backup files are encrypted using weak protocols that could easily be broken.
At the same time, the default version of the router’s web interface app suffers from multiple bad security practices and vulnerabilities includingclickjacking, charset mismatch, cookie slack, private IP disclosures, weak HTTPS encryption and more.
Thankfully most of these flaws have now been patched butCyberNewspoints out that some were only patched halfway through. For instance, the backend of the router still seems to be secured in such a way that an attacker could potentially find an entry point within the web interface and re-exploit previously known flaws.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
CyberNewsreached out to TP-Link to inform the company of its discoveries and it said that it will force firmware updates on the affected devices while owners will receive “relevant notifications” about these updates via their management interface.
The lesson here is that while you may have purchased a brand new device from Amazon or any other online or offline retailer for that matter, you still need to take the time and ensure that yourrouter is updatedto the latest firmware to protect your network and your data.
ViaCyberNews
After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.
This new phishing strategy utilizes GitHub comments to distribute malware
Should your VPN always be on?
After Arcane season 1 ended on a stunning cliff hanger, its creators say it was ‘always the plan’ for those characters to die in the season 2 premiere
