Some TP-Link ADSL modem router's security problem statement

User Application Requirement
Updated 03-26-2015 08:44:00 AM 3835

Recently we have found a security problem on some TP-Link’s ADSL modem routers. You may also have noticed this security problem on some other website like http://thehackernews.com/2014/01/TP-Link-Routers-password-hacking.html# .

 

Here is the description of this security problem:

Hackers can try to visit some special URL to download the backup file of some TP-Link’s ADSL modem routers, and this operation doesn’t need any authorization. After hackers have got the backup file, they can upload these backup files to some special website to obtain the administrative password of the TP-Link modem routers. At last, the hackers can use the administrative password to remotely control these TP-Link modem routers.

 

Here is the statement of this security problem:

Now we have already confirmed this security problem, and we have also confirmed it that this security problem can only be exploited when you have enabled the remotely access function on your TP-Link modem routers. Actually all TP-Link modem routers’ latest universal firmware had disabled remotely access function by default. So you can firstly check whether your modem router’s firmware is the latest. You can click the following link to download the latest firmware of TP-Link ADSL modem routers support/download/?pcid=203 .

If your modem router’s firmware is already the latest, then you don’t need to worry about this security problem as long as you haven’t manually enabled remotely access function on your modem routers.

 

If you insist on using remotely access function on your modem routers, then this security problem does exist and can be exploited by hackers.

So we have decided to release the new official firmware of all related products which will solve this problem as soon as possible. By then, you can use remotely access function freely.

 

If you still have any question about this security problem, please click the following link to send an e-mail to us support/contact/ .


If you don’t know whether you have enabled remotely access function on your modem router or you want to disable remotely access function on your modem router now, please follow the guidance below.

Step 1

Please log into the management webpage of your modem router, and go to Access Management -> ACL.

 

Step 2

By default, the configurations should be just like the following picture shows (the parameter value of Interface is LAN). You just need to make sure your modem router’s configurations are exactly the same.  

 

Step 3

If you don’t know how to configure ACL on your modem router, please click this link article/?faqid=476 .


 

After these steps, your modem router’s remotely access function will be disabled. In this way, all hackers can’t download your modem router’s backup file without any authorization, and your modem router will be secure and safe.

 

Is this faq useful?

Your feedback helps improve this site.

Community

TP-Link Community

Still need help? Search for answers, ask questions, and get help from TP-Link experts and other users around the world.

Visit the Community >

From United States?

Get products, events and services for your region.