[rudra]

hello guys. This is a serious issue with SR20 routers by tp-link. Though it can only be used from the LAN side. it is called ACE or arbitrary code execution. 

https://en.wikipedia.org/wiki/Arbitrary_code_execution

If I understand right, it is because they didn't remove the debug binary from the router firmware in production hardware. Here are the details uncovered by a Google dev,

https://twitter.com/mjg59/status/1111106885736787975

They have not issued any update to plug the hole yet. Which is sad.

Do you have that router ? 
be careful. cause once someone backdoors it from the LAN side, it persists. Now say you have one infected machine in local. so in theory the remote access to that machine can be used to backdoor the router, after which all the other systems are open too.

here is proof of concept,

https://pastebin.com/GAzccR95

[sagher]

When you victim with this attack? after updating your main firmware or something else? i think you try to downgrade main firmware with secure release. but mostly it is not possible to downgrade firmware via normal practice. but i have an clue if the problem is same as i said.

[rudra]

i don't own that router and no. i didn't find it out myself. A Google engineer did. I gave the twitter post above.

I wonder why you would say that. Is my English getting that bad ?!

There will probably never be patched firmware. cause i found that there are lots of other routers that have LAN side issues like this and didn't get any updates.

Also there is no autoupdate or pushing update for routers. So even if they did, most of those already sold would remain not updated and vulnerable.

[Mashiro]

Another saga of hardware scrap.

OEM router firmware is quite a horrible thing. A lot of cheap brands, TP-Link is certainly one of them, don't bother with updates for their products much. So you really just almost instantly buy hardware scrap with security holes in the installed software that no one will ever fix.

You need luck! Not every router out there has the luxus of receiving custom open source firmware. After all this custom firmware could fix the issues as it is driven by a big community and a lot of developers. However as mentioned before if you router isn't popular enough... it might not see the light of custom firmware ever.

I stopped buying products from companies like this. TP-Link, D-Link and other brands. They all do this. Don't support such behaviour! Thanks to people who buy this hardware scrap there are millions of zombies out there awaiting their masters commands.

[sagher]

@rudra i am just confused. as above you write a subject for the specific router model. " tp-link SR20 router". so i replied you accordingly. i am not talking about upgrade. i am talking about downgrade. as @HR said. TP-link is not so good brand. D-link is more preferable then this. anyways. if you have exist a hardware then many ways to fix it. if not then it is just an article. what can i say.

[rudra]

@HR
thanks. Thats a cool idea. From now on, i'll make it a point to ensure that the model has a opensource firmware before i go buy the router. I use a router by tp-link now and this particular variant has no open firmware yet. though under discussion. But that does not bother me much. I only use it inside Lan to share a central storage.

[Mashiro]

When buying such products it is important to buy something that gets constant firmware updates until the product itself reaches End of Life (no longer being produced, support being dropped, no longer being sold and etc). If the company doesn't bother to provide any updates through the lifetime of that product... it isn't even worth to buy it.

Another thing to consider with custom firmware is of course also the same as above. If you find custom firmware that is a few years old... it's probably not a good idea to use it. Could be worse than the OEM firmware (if the OEM firmware is newer).


I hate this whole "throwaway society" and "planned obsolescence" to squeeze money out of people. Back in my younger days products used to be repaired and maintained properly. Nowadays... "Oh this little piece is broken. Buy a new one or here you have a new one". Everywhere... Change a lightbulb in your car today? Forget it. It's all LED and you have to change the whole module at insane costs. And you can't even change it yourself.

Anyway that's off topic. ^

[humanpuff69]

The bug is very serious es[escially the persistence part . It mean that once infected it is infected and it can also still infected even with firmware upgrade if what they do just fix a hole but they will not do it anyway because of the planned obsolecence shit