A new zero-day flaw has been discovered in a TP-Link Wi-Fi extender, according to an IBM blog post published today.
Wi-Fi extenders, also called repeaters, are commonly used devices that amplify a Wi-Fi signal inside of a home. IBM said they are most commonly used in large or multistory homes, or in places where the router’s reach isn’t sufficient for all parts of the home. Commonly available at nearly every electronics store, the extender “captures the Wi-Fi signal from the main router and rebroadcasts it to areas where the Wi-Fi is weak or nonexistent.” IBM said, “The vulnerability at hand is somewhat surprising because it can be exploited by a remote attacker without requiring login/authentication to the Wi-Fi extender.”
IBM reported that IBM X-Force researcher Grzegorz Wypych discovered a zero-day flaw in a TP-Link Wi-Fi extender as part of a recent series of vulnerabilities discovered in home routers. If exploited, IBM said “this remote code execution (RCE) vulnerability can allow arbitrary command execution via a malformed user agent field in HTTP headers. This means that a remote attacker could get complete control over the device and command it with the same privileges of the device’s legitimate user.” With this access, cybercriminals can then gain access to the broader network and access more sensitive data.
IBM reported that it found and exploited the vulnerability in the TP-Link RE365 Wi-Fi extender with firmware version 1.0.2, build 20180213 Rel. 56309. It further noted that TP-Link confirmed that three other Wi-Fi extender models are impacted by the zero-day vulnerability: RE650, RE350, and RE500. IBM said that the vulnerability is attached to CVE-2019-7406. TP-Link has already developed patches for the vulnerability for all impacted models.
Despite providing patches, TP-Link has not commented publicly on the vulnerability at this time.