04-02-2019, 02:24 AM
Hello guys. This is a serious issue with SR20 routers by TP-Link, though it can only be used from the LAN side. It is called ACE, or arbitrary code execution.
https://en.wikipedia.org/wiki/Arbitrary_code_execution
If I understand right, it is because they didn't remove the debug binary from the router firmware in production hardware. Here are the details uncovered by a Google dev:
https://twitter.com/mjg59/status/1111106885736787975
They have not issued any update to plug the hole yet, which is sad.
Do you have that router?
Be careful, because once someone backdoors it from the LAN side, it persists. Now say you have one infected machine on the local network. So in theory the remote access to that machine can be used to backdoor the router, after which all the other systems are open too.
Here is a proof of concept:
https://pastebin.com/GAzccR95
Sincere Thanks to VirMach for my VPS9. Also many thanks to Shadow Hosting and cubedata for the experiences I had with their VPSs.