SomeTP-Link routers vulnerable to attack

Posted on Monday, November 04 2013 @ 14:00 CET by Thomas De Maesschalck
A number of routers from TP-Link have been found to be vulnerable to a website-based DNS hijacking attack. The vulnerability enables attackers to access the web-based administration page of the routers and also the hijacking of DNS requests to redirect users to phishing and other malicious websites. Full details at Hexus.
The following devices are confirmed to be vulnerable:

  • TP-Link WR1043ND V1 up to firmware version 3.3.12 build 120405 is vulnerable (version 3.3.13 build 130325 and later is not vulnerable)
  • TP-Link TL-MR3020: firmware version 3.14.2 Build 120817 Rel.55520n and version 3.15.2 Build 130326 Rel.58517n are vulnerable (but not affected by current exploit in default configuration)
  • TL-WDR3600: firmware version 3.13.26 Build 130129 Rel.59449n and version 3.13.31 Build 130320 Rel.55761n are vulnerable (but not affected by current exploit in default configuration)
  • WR710N v1: 3.14.9 Build 130419 Rel.58371n is not vulnerable
  • Some other untested devices are also likely to be vulnerable

    Lell helpfully provides a step-by-step method for people to check to see if their router could be exploited by the newly discovered vulnerability (near the bottom of his article). Meanwhile if you have an affected router it is recommended that you change the default login/password, opt not to save that info in the browser, open a new browser before logging into your router, then restart your browser after finishing your administrative fiddling.


  • About the Author

    Thomas De Maesschalck

    Thomas has been messing with computer since early childhood and firmly believes the Internet is the best thing since sliced bread. Enjoys playing with new tech, is fascinated by science, and passionate about financial markets. When not behind a computer, he can be found with running shoes on or lifting heavy weights in the weight room.



    Loading Comments