Recently, security experts from IBM X-Force discovered a remote code execution vulnerability (CVE-2019-7406) in the TP-Link Wi-Fi Extender. The vulnerability could be exploited by an unauthenticated remote attacker by triggering a malformed HTTP request, allowing an attacker to execute arbitrary shell commands on the target Wi-Fi extender. The attack does not require a privilege escalation because all processes on the vulnerable device are running with root privileges. The TP-Link Wi-Fi expander models affected by this vulnerability are RE365, RE650, RE350, and RE500.
Affected models and versions
- TP-Link Wi-Fi extenders RE365(EU)_V1_190528 Previous version
- TP-Link Wi-Fi extenders RE650(EU)_V1_190521 Previous version
- TP-Link Wi-Fi extenders RE350(EU)_V1_190516 Previous version
- TP-Link Wi-Fi extenders RE500 (EU)_V1_190521 previous version
Unaffected models and versions
- TP-Link Wi-Fi extenders RE365(EU)_V1_190528
- TP-Link Wi-Fi extenders RE650(EU)_V1_190521
- TP-Link Wi-Fi extenders RE350(EU)_V1_190516
- TP-Link Wi-Fi extenders RE500(EU)_V1_190521
TP-Link has released a firmware update to fix this vulnerability and has released a separate update for each affected model’s Wi-Fi extender.
Firmware update link for each model: