made no attempt to make its users aware about the critical bug, or relay the methods to prevent an unforeseen breach. A new report details on TP-Links lapse of efficiency, and says that the bug allows an unethical hacker to gain full access to an affected router.
TechCrunch reports that TP-Link WR740N router has a critical vulnerability since 2017, and a patch was quickly made available. But when the patch was recently searched for, it wasn’t available on the company’s firmware page. The publication reached out to TP-Link, and the company said that the “update was currently available when requested from tech support” only. Soon after, the company updated its firmware page to include the latest security patch.
The vulnerability was first discovered by founder of UK cybersecurity firm Fidus Information Security, Andrew Mabbit. He made TP-Link aware of the issue in October 2017 in its WRN940N router, which the company quickly issued a patch for. In 2018, the same bug was found in the TP-Link WR740N router, and the patch was also released for that router as well. However, the patch was not live for the WR740N router until the publication reached out and made TP-Link aware about it.
The fix for both the routers is now live on the company website. TP-Link says that it has discontinued the WR740N routers, but Shodan and Binary Edge search engines reportedly suggest that somewhere between 129,000 and 149,000 devices are on the Internet, however vulnerable device numbers will be low. In any case, TP-Link should be more proactive in alerting customers of the vulnerability and asking them to install the patch, rather than waiting for the customer to contact support.