Updating your wireless router with a new model from Amazon is of course a good idea if you work from home but a new research from CyberNews has revealed that one of the most popular router of TP-Link is often displayed on a giant eCommerce store ship with vulnerable firmware.
Shenzhen-based TP-Link is the number one Wifi network products manufacturer in the world with annual sales of 150m devices and 42 percent share of the global consumer WLAN market. The company router is also often awarded the “Amazon Options” badge in the “WiFi Router” category in Amazon.
TP-LINK AC1200 Archer C50 (V6) is the best-selling Wi-Fi router “Amazon” best-selling in the UK and mainly sold in the European market even though other versions are also available at the Amazon online store in the US.
During his investigation into this router, CyberNews found many deficiencies in default firmware and its web interface. For this reason, the news outlet recommends that all the AC1200 Panch C50 (V6) TP-LINK owners improve their devices to the latest firmware as soon as possible.
Known weakness in default firmware
According to Cybernews, the TP-LINK AC1200 Archer C50 (V6) is sent with a firmware that has been vulnerable to dozens of known security shortages. WPS is also enabled by default on devices that can allow attackers to force the router while admin credentials and configuration backup files are encrypted using a weak protocol that can be easily damaged.
At the same time, the default version of the web routers interface application suffers from some poor security and vulnerabilities including clickjacking, Charset Mismatch, Cookie Slack, Personal IP disclosure, Weak HTTPS encryption and more.
Fortunately, most of these shortcomings have now been patched but CyberNews shows that some are only patched halfway. For example, the backend router seems to still be secured in such a way that the attacker has the potential to find the entry point in the web interface and exploit the previous known deficiency.
CyberNews reaches the TP-Link to notify the company’s discovery and it is said that it will force firmware updates to devices affected while the owner will receive “relevant notifications” about this update through their management interface.
The lesson here is that while you might have bought a new device from Amazon or other online or offline retailers in this case, you still need to spend time and ensure that your router is updated to the latest firmware to protect your network and your data.