Menu
What's new
By:
Filters Better Search

TP-Link Archer High Vulnerability

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

C

coxhaus

Part of the Furniture
Here is a TP-Link security issue. Just glancing it recommends running an older software, but the older software is recommending another software, so I don't really know if there is a fix. Probably a good idea not to run it.

NVD - CVE-2023-31710

nvd.nist.gov nvd.nist.gov
 
Yes, TP-Link is a security issue. Best not to run in a network you want to be safe within.
 
Both V3 and V3.6 hardware revisions have newer firmware 230621 available. New AX21 routers are hardware revision v4.6 with different firmware.

1691964552139.png


github.com

My-CVE/TP-Link/CVE-2023-31710 at main · xiaobye-ctf/My-CVE

Contribute to xiaobye-ctf/My-CVE development by creating an account on GitHub.
github.com github.com
 
Last edited:
I guess this is another case for not running TP-Link. They expect you to buy new hardware for their software mistakes.

I kind of wonder whether they are really this bad at programming or maybe it will be a good hacking point for some Chinese group to hack which someone else pays for.
Mikrotik seems to have issues also. Bleeping computer just reported almost a million devices have issues. Microsoft reported them about a year or more reported them also. Response is always it is fixed.
www.bleepingcomputer.com

Super Admin elevation bug puts 900,000 MikroTik devices at risk

A critical severity 'Super Admin' privilege elevation flaw puts over 900,000 MikroTik RouterOS routers at risk, potentially enabling attackers to take full control over a device and remain undetected.
www.bleepingcomputer.com www.bleepingcomputer.com
I would have to hunt for the Microsoft one but it is out there.
 
Last edited:
Simple firmware update is needed, nothing else. A new patched firmware is already available.
 
Online, no. But some choices are obviously bad.

IoT, apps, Apple, Google, and even '-Link' devices.
 
L&LD said:
Online, no. But some choices are obviously bad.

IoT, apps, Apple, Google,
Click to expand...
LOT apps and google I agree , why Apple ? I thought they were pretty much foolproof semi secure . Granted I have not been up on al security issues the past 4 years , but Apple was considered safe , are there specific issues /
 
jerry6 said:
but Apple was considered safe , are there specific issues
Click to expand...
Apple used to be considered "safer" in large part because they weren't a worthy target for hackers looking to hit the largest number of users they can. iPhone changed that. But Apple code is written by the same human beings that write everyone else's code. Humans aren't perfect programmers. Bugs have always exisited, and they always will.

IOS has never been that safe. All these jailbreaks that people used for years with every new IOS update? Keep in mind that for a jailbreak to exist, a security flaw must be present and exploited. That basically means that for a long time, every new major IOS release had at least one major security flaw present that allowed jailbreaking.

Then on top of that we've had issues where just sending a malicious SMS to an iPhone could crash it. That was a few months ago, so fairly recent.

That doesn`t mean IOS is bad. Just that it`s not the perfect solution that fanbois think it is, and it`s just as susceptible to security flaws as any other piece of code out there.
 
I use both Android and iOS devices. Apple has better screening of apps on App Store and apps are usually better quality or run better on 20 well known hardware devices. Android apps for 1000 known and unknown hardware devices are hit and miss and Google Play unfortunately allows virtually every BS possible including joke apps doing absolutely nothing.
 
www.macrumors.com

Apple Warns Users in 92 Countries About Mercenary Spyware Attacks

Apple on Wednesday sent threat notifications to users in 92 countries warning that they may have been targeted by mercenary spyware attacks, likely...
www.macrumors.com www.macrumors.com



www.theverge.com

iOS 16.6.1 fixes a big iPhone security vulnerability used to install Pegasus spyware

Apple managed to patch the issue just a week after Citizen Lab reported it.
www.theverge.com www.theverge.com

www.nytimes.com

How to Fix Your iPhone’s Security Flaw (Published 2021)

A guide to updating your phone's software after researchers found that a flaw had infected billions of Apple products.
www.nytimes.com www.nytimes.com


Apple, for when you want to pay a lit premium to get maximally compromised.
 
L&LD said:
www.macrumors.com

Apple Warns Users in 92 Countries About Mercenary Spyware Attacks

Apple on Wednesday sent threat notifications to users in 92 countries warning that they may have been targeted by mercenary spyware attacks, likely...
www.macrumors.com www.macrumors.com



www.theverge.com

iOS 16.6.1 fixes a big iPhone security vulnerability used to install Pegasus spyware

Apple managed to patch the issue just a week after Citizen Lab reported it.
www.theverge.com www.theverge.com

www.nytimes.com

How to Fix Your iPhone’s Security Flaw (Published 2021)

A guide to updating your phone's software after researchers found that a flaw had infected billions of Apple products.
www.nytimes.com www.nytimes.com


Apple, for when you want to pay a lit premium to get maximally compromised.
Click to expand...
Thanks have a few family members that use apple products .That is what I like about SNB one stop shop , security networking , saves me time used to read 20 dif forums for all the news I get here
 
Last edited:
jerry6 said:
Thanks have a few family members that use apple products .That is what I like about SNB one stop shop , security networking , saves me time used to read 20 dif forums for all the news I get here
Click to expand...

Just keep in mind that there are a lot of anti-Apple folks out there that like to take cheap shots when they can...

Apple is actually in a good spot as they control the hardware, tool chain, kernel, and userland - because of their vertical integration across their platforms, they can implement a fix fairly quickly - the downside is that a vuln can impact things across all their platforms - it happens, but not very often.

They're in a much better spot than Windows or Android to be honest, and that is because of the close integration inside their platform.

Every platform out there is under some level of risk - Mac/Windows/Android/Linux/ChromeOS/Android/iOS and all the linux/bsd's out there - and the supposed bastions of security for enterprise networks - Cisco, PaloAlto - they have had their fair share of exploits lately.

Honestly - I think this is a good thing - the fact the people are finding these things, and reporting them - it's all good, as then they can be remediated...
 
Tech9 said:
Android apps for 1000 known and unknown hardware devices are hit and miss and Google Play unfortunately allows virtually every BS possible including joke apps doing absolutely nothing.
Click to expand...

GMS and the PlayStore actually have methods and means to patch things to some degree outside of the Vendor and Chipset provider SDK's...

The big risk for Android is side-loading to bypass PlayStore - that and backdooring of bundled apps - good example here is in China, the keyboard app enhancements were recording and sending keystrokes back to Tencent and Baidu and that data was correlated back to the UUID - while that is a concern itself, consider that Tencent runs WeChat...

For some, that's a problem, because when you install and login to WeChat, the first thing it does is hoover up all your contacts and uploads them to the QQ servers...

Let's not not talk about TikTok - it's the same issue as WeChat - but on a larger scale, as it doesn't just look at your contact list, it looks at everything that you post, and they start correlating data based on views and likes...

It's all social media, so I suppose Threads/Instagram/Facebook Messager/Facebook (itself)/X (formerly known as twitter) and all the like, it's similar...

The only difference is the government that they are reporting in to...

Folks talk about the great firewalls of China, Iran, and Russia - but I'm concerned also about what's happening here in the US...
 
Facts are not cheap shots.

A single entity can more easily hide/ignore known vulnerabilities too, when they control the whole vertical chain. As Apple has been known to do, and Google, and...

The benefits are not proportional to the risks they still impose on their users (of which, they really don't care about).
 
12 years ago I began switching over to Apple products for myself and the family. I got tired of broken Windows updates, Windows updates that would take hours, and on and on. Apple stuff just flat out works and integrates so well between devices. There isn't anything I can think of that I have missed out on by using Apple products exclusively. On the odd occasion that I need to do something that is Windows only, I use my dual boot MacBook Air and boot into Windows 11. If that makes me a fanboy, so be it, it doesn't bother me.
 
bluzfanmr1 said:
If that makes me a fanboy, so be it, it doesn't bother me.
Click to expand...
Preferring Apple products to Microsoft does not make you a fanboy, it just makes you... an Apple product user. Nothing wrong with that.

Fanbois would be people with blind brand devotion, who thinks that everything Apple does is always perfect and everything else is always bad.
 
L&LD said:
A single entity can more easily hide/ignore known vulnerabilities too, when they control the whole vertical chain. As Apple has been known to do, and Google, and...
Click to expand...

I respectfully disagree - Apple and Google have methods to address things when they happen - not everything is severity 10 up front.

The challenge with Google and Android is ASOP - there are devices that don't implement GMS or PlayStore, so they cannot be hot-patched on top of the OS - most of those devices are either TV's or Cheap over the top set-top boxes...

ChromeOS is likely the most common OS that is fairly secure these days...
 
RMerlin said:
But Apple code is written by the same human beings that write everyone else's code. Humans aren't perfect programmers. Bugs have always exisited, and they always will.
Click to expand...

This is a great statement... and this applies towards any software/platform

Code indeed is written by individuals that read specs and write code around those specs - not everyone is at the same skill level.
 
You must log in or register to reply here.

Similar threads

Voxel
Voxel Custom firmware build for Orbi LBR20 v. 9.2.5.2.43SF-HW
Replies
4
Views
1K
Voxel
Voxel
Voxel
Voxel Custom firmware build for Orbi RBK50/RBK53 (RBR50, RBS50) v. 9.2.5.2.33SF-HW
Replies
10
Views
2K
quackamole
Q
Voxel
Voxel Custom firmware build for R7800 v. 1.0.2.107SF
2
Replies
20
Views
3K
ulaganath
U
Voxel
Voxel Custom firmware build for R9000/R8900 v. 1.0.4.73HF
Replies
3
Views
969
Kitsap
K
Voxel
Voxel Custom firmware build for R7800 v. 1.0.2.105SF
Replies
15
Views
3K
HUHA
H
Similar threads
Thread starter Title Forum Replies Date
PR3MIUM News Mirai DDoS malware variant expands targets with 13 router exploits [D-Link, TP-Link Archer, Yealink, Zyxel...] General Network Security 10
sfx2000 Security - D-Link VPN devices recommended to remove/replace.. General Network Security 0
O US lawmakers urge probe of WiFi router maker TP-Link over fears of Chinese cyber attacks General Network Security 14
D News [Ars] Critical takeover vulnerabilities in EOL'd D-Link NASes are being exploited General Network Security 2

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 872 (members: 35, guests: 837)
Top