Information Security News

Tag: CWMP

  • Unauthenticated Root RCE Discovered in ipTIME Routers via CWMP Protocol

    Unauthenticated Root RCE Discovered in ipTIME Routers via CWMP Protocol

    by

    ddos
    in

    A critical vulnerability has been unearthed in ipTIME routers running firmware version 15.324, facilitating unauthenticated remote code execution. The flaw resides within the CPE WAN Management Protocol (CWMP), a standard utilized by Internet Service Providers (ISPs) to remotely orchestrate configuration adjustments, diagnostic evaluations, firmware deployments, and system reboots. The defect was identified by the researcher…

  • Critical Flaw Discovered in TP-Link Routers

    Critical Flaw Discovered in TP-Link Routers

    by

    ddos
    in

    Researchers from the ByteRay team have disclosed a critical vulnerability in TP-Link routers that enables remote execution of arbitrary code by bypassing Address Space Layout Randomization (ASLR). Tracked as CVE-2025-9961 (CVSS score: 8.6), the flaw was discovered in the CWMP (TR-069) service. Exploitation requires nothing more than a specially crafted SOAP request, granting attackers complete…

  • Warning: Zero-Day Flaw in TP-Link Routers Puts Users at Risk

    Warning: Zero-Day Flaw in TP-Link Routers Puts Users at Risk

    by

    ddos
    in

    TP-Link has confirmed the existence of a new zero-day vulnerability affecting several of its router models. The flaw was first identified by an independent security researcher operating under the alias Mehrun (ByteRay), who reported it on May 11, 2024. Yet, months later, a fix has still not been released for all impacted devices. The company…