CyberNews researchers discovered a number of security flaws in the default firmware and web interface app of a popular router that could put its owners at risk of man-in-the-middle and denial-of-service attacks.
The TP-Link AC1200 Archer C50 (v6) is a best-selling ‘Amazon’s Choice’ wifi router that retails for £34.50 (~$48) in the UK and is mainly sold within the European market. Unfortunately, the device ships with an outdated firmware version susceptible to numerous security flaws. Not only is the router sold with vulnerable firmware, but it also comes with another critical issue that concerns its web interface app. The app “suffers from subpar security practices and weak encryption,” potentially putting thousands of owners at risk of attacks.
Owners of the TP-Link AC1200 Archer C50 (v6) router should install the latest firmware update immediately.
What flaws does the TP-Link AC1200 Archer C50 (v6) router contain?
The analysis performed by CyberNews revealed that the router contained multiple unpatched flaws in both the default router firmware and its web interface app.
Here is an overview of the discovered issues:
- The router is shipped with outdated firmware that is vulnerable to dozens of known security flaws.
- WPS is enabled by default, potentially allowing threat actors to brute-force the router.
- Session tokens are not deleted server-side after logging out of the router app and are accepted for subsequent authorization procedures.
- The router’s administrator credentials and configuration backup files are encrypted using weak protocols and can be easily decrypted by attackers.
- The default version of the router’s web interface app suffers from multiple bad security practices and vulnerabilities, including clickjacking, charset mismatch, cookie slack, private IP disclosures, weak HTTPS encryption, and more.
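The session-token item in the list above, shown as an added example that is not taken from the CyberNews analysis or from TP-Link's firmware: a hypothetical server-side session store contrasting a logout that only clears the client cookie with one that deletes the server-side record. All names and the 900-second timeout are assumptions.

```python
import secrets
import time

SESSION_TTL = 900  # seconds; assumed timeout, not a value from the article


class SessionStore:
    """Server-side session table (hypothetical; not the router's code)."""

    def __init__(self):
        self._sessions = {}  # token -> (username, expiry timestamp)

    def login(self, username, now=None):
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)  # unguessable random token
        self._sessions[token] = (username, now + SESSION_TTL)
        return token

    def authorize(self, token, now=None):
        """Return the username for a live token, else None."""
        now = time.time() if now is None else now
        entry = self._sessions.get(token)
        if entry is None:
            return None
        user, expiry = entry
        if now >= expiry:
            del self._sessions[token]  # expired: purge the record
            return None
        return user

    def logout_flawed(self, token):
        """Flaw described above: only the client is told to drop its cookie."""
        return {"Set-Cookie": "session=; Max-Age=0"}  # server table untouched

    def logout_fixed(self, token):
        """Fix: delete the server-side record so the token cannot be reused."""
        self._sessions.pop(token, None)
        return {"Set-Cookie": "session=; Max-Age=0"}


def token_survives_logout(logout_name):
    """Log in, log out with the named method, then present the old token."""
    store = SessionStore()
    token = store.login("admin")
    getattr(store, logout_name)(token)
    return store.authorize(token) is not None
```

With the flawed logout, a token copied before logout is still accepted afterwards; with the fixed logout it is rejected.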
What did TP-Link say about the router flaws?
On July 18, the CyberNews team reached out to the router company to see whether they were aware of the flaws. The company stated that they will force firmware updates on the vulnerable devices. The owners of these devices are to receive relevant notifications about the updates via the management interface on the web terminal or the mobile app Tether.
Previous vulnerabilities in TP-Link devices include a flaw in TP-Link Wi-Fi Extenders, a zero-day in TP-Link SR20 Smart Home routers, and a critical issue in TP-LINK TL-WR841N routers.