New Delhi: The Indian Computer Emergency Response Team (CERT-In) has issued an urgent advisory about a critical flaw in TP-Link routers which is a widely used brand in India’s internet infrastructure. CERT-In is renowned for quickly identifying flaws in popular software and devices like Apple, Windows, Google Chrome and Mozilla has highlighted a critical threat which might not be obvious to most users.
TP-Link routers which are essential for connecting devices like smartphones, laptops and tablets to the internet via Wi-Fi are at the centre of this concern. These routers serve as intermediaries between users and their internet service providers which allows seamless internet access without the need for physical cables. (Also Read: Poco F6 5G smartphone goes on sale in India on Flipkart; Check specs, price and discount offer)
What are the Affected TP-Link Routers?
CERT-In has identified a vulnerability in TP-Link Archer routers with versions prior to C5400X(EU)_V1_1.1.7 Build 20240510. Hence, Tp-Link routers using older firmware versions have this security flaw. (Also Read: What Is India’s EU-Like Anti-Trust Proposal That Irked Tech Giants Google, Amazon, Apple?)
What is the root cause of the problem according to CERT-In?
The issue stems from the improper neutralisation of a special element in a binary which is known as rf test. As outlined by CERT-In, this flaw exposes a network service to unauthenticated command injection.
How to protect your device:
To tackle this urgent matter, CERT-In recommends taking prompt action by patching TP-Link software without delay. Moreover, users are strongly encouraged to take proactive steps to bolster the security of their Wi-Fi networks and fend off potential threats:
1. Make sure to keep your router’s firmware up to date by installing the latest security patches provided by the manufacturers.
2. Avoid potential exploitation by changing the default login credentials. Replace commonly used usernames and passwords with unique and strong ones.
3. Safeguard your data transmissions from interception by utilising WPA3 or WPA2 encryption protocols.
4. Minimise risks by turning off remote management features which could potentially be exploited by unauthorised parties.