Message-ID: <CAMnQS+10grja1zgEkhc7SoQ1On2HK=3hygR24oB8yrubpQzFXg@mail.gmail.com>
Date: Thu, 26 Apr 2018 15:32:43 +0100
From: Andrew Mabbitt <andrew@...usinfosec.com>
To: fulldisclosure@...lists.org
Subject: [FD] [RCE] TP-Link Remote Code Execution CVE-2017-13772 v2 - >180,000 affected devices

Title: [CVE-2017-13772] TPLink TLWR740N Remote Code Execution
Blog URL: https://www.fidusinfosec.com/a-curious-case-of-code-reuse-tplink-cve-2017-13772-v2/
Vendor: TP-Link
Date Published: 26/04/2018
CVE: CVE-2017-13772

** Vulnerability Summary

A remote code execution vulnerability was identified in TP-Link's WR740N home WiFi router. Valid credentials are required for this attack path. It is possible for an authenticated attacker to obtain a remote shell with root privileges. This vulnerability is a clone of CVE-2017-13772, reported by the Fidus team last year. There are currently >180,000 affected devices searchable on Shodan.

** Vendor Response

The vendor response has been lacking and a patch has still not been released after 3 months.

** Report Timeline

25/1/18 – Initial contact with description of issue, contact with security@...link.com
26/1/18 – Reply from TP-Link asking for more details, sent them the details for CVE-2017-13772 (wr940n model).
1/2/18 – TP-Link inform us they are looking into the issue.
15/2/18 – Request from us for an update.
30/2/18 – Request from us for an update.
26/3/18 – Another request for an update, warning of public disclosure sent.
28/3/18 – Reply from security@...link.com, inform us they are releasing a patch in the “recent days”.
29/3/18 – security@...link.com send us beta firmware to fix the issue.
29/3/18 – Sent a reply to security@...link.com to confirm the issue fixed.
9/4/18 – Request for an estimate for when the firmware goes live.
18/4/18 – Another request, another warning of public disclosure sent.
26/4/18 – No reply received, public disclosure of vulnerability.

** Credit

This vulnerability was discovered by Tim Carrington @__invictus_, part of the Fidus Information Security research team.

** References

https://www.fidusinfosec.com/a-curious-case-of-code-reuse-tplink-cve-2017-13772-v2/ <https://www.fidusinfosec.com/remote-code-execution-cve-2018-5767/>

** Disclaimer

This advisory is licensed under a Creative Commons Attribution Non-Commercial Share-Alike 3.0 License: http://creativecommons.org/licenses/by-nc-sa/3.0/

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/