Original Release Date: 2019-12-23
A zero-day vulnerability has been discovered by IBM X-Force Red researchers affecting both home and business TP-Link Archer routers. If exploited, the critical flaw could grant access to unauthorized users, allowing potential attackers the capability to reset admin passwords and take control of devices via Telnet on the local area network (LAN). Businesses are susceptible to greater risk when routers are used to enable guest Wi-Fi. Additionally, the flaw could provide potential attackers an access point to perform reconnaissance and lateral movement to devices within the network. TP-Link has released updates and urges customers to apply patches immediately to the following products: Archer C5 v4; Archer MR200v4; Archer MR6400v4; Archer MR400v3.
The NJCCIC recommends that users of TP-Link Archer routers change default passwords, ensure updates have been applied, keep software up to date, and enable multi-factor authentication (MFA) where available. Further details can be found in the Security Intelligence article.