IBM researchers just discovered another serious zero-day vulnerability, this time impacting TP-Link Wi-Fi Extenders. The vulnerability (known as CVE-2019-7406) could lead to remote code execution attacks and affects TP-Link Wi-Fi Extender models RE365, RE650, RE350 and RE500 running firmware version 1.0.2, build 20180213.
More about CVE-2019-7406
The CVE-2019-7406 vulnerability was discovered by security researcher Grzegorz Wypych, a member of IBM X-Force. In case of a successful attack, the RCE bug could allow arbitrary command execution via a malformed user agent field in HTTP headers.
In other words, a remote attacker could get complete control over the device and command it with the same privileges as the device’s legitimate user. The issue is serious as it affects both home and commercial properties where TP-Link Wi-Fi Extenders are utilized. The extenders are devices that can amplify a Wi-Fi signal, and as such are widely used.
The researcher exploited the zero-day vulnerability in TP-Link RE365 Wi-Fi extender with firmware version 1.0.2, build 20180213 Rel. 56309. However, after internal testing, TP-Link confirmed that three other models are also affected: RE650, RE350 and RE500.
What’s most surprising about CVE-2019-7406 is that it can be exploited by a remote attacker without requiring login/authentication to the Wi-Fi extender device. This means that privilege escalation is not required, because extenders already run with root-level access. This default condition is quite risky as attackers can perform a wide range of attacks.
“The sort of impact one can expect from such unauthenticated access is, for example, requesting the device to browse to a botnet command and control server or an infection zone,” the researcher said. “The thought of a Mirai infection on IoT devices is, of course, one of the first things that come to mind, where automated scripts could potentially run as root on this type of a device if the vulnerability is exploited.”
It’s highly advisable to mitigate the risk caused by CVE-2019-7406 by implementing compensating controls or a patch as soon as one becomes available, Wypych concluded.