Hackers exploit a vulnerability in TP-Link routers, specifically the TL-WR845N model, to gain full control over the system.
This exploit allows unauthorized users to access the root shell credentials, giving them unrestricted access to manipulate and control the router.
Here is a summary of the affected product and how the vulnerability can be exploited:
Product Information | Details |
Manufacturer | TP-Link |
Model | TL-WR845N |
Firmware Versions Affected | TL-WR845N(UN)_V4_190219, TL-WR845N(UN)_V4_200909, TL-WR845N(UN)_V4_201214 |
Vulnerability Exploited | Weak root shell credentials |
The vulnerability allows hackers to extract the root shell credentials from the router’s firmware.
The firmware can be obtained either by physically accessing the router’s SPI Flash memory or by downloading it from TP-Link’s official website.
Once extracted, tools such as binwalk or FirmAudit can be used to analyze the firmware and extract files.
The root password is stored in MD5 hash format in the squashfs-root/etc/passwd and squashfs-root/etc/passwd.bak files.
This hashed password can be easily cracked using tools like hashcat or John the Ripper to reveal the password as “1234.” The username, “admin,” is stored in plain text.
This vulnerability poses significant risks as it allows malicious actors to gain full control over the router, potentially leading to unauthorized access, data theft, and even the spread of malware.
Recommendations:
This exploit highlights the importance of regularly updating router firmware and maintaining strong security protocols in networks.
Users should remain vigilant and adopt best practices to protect their devices from similar vulnerabilities.
Are you from SOC/DFIR Teams? – Analyse Malware Incidents & get live Access with ANY.RUN -> Start Now for Free.
Flashpoint analysts have reported that between April 2024 and April 2025, the financial sector emerged…
The Agenda ransomware group, also known as Qilin, has been reported to intensify its attacks…
SpyCloud, the leading identity threat protection company, today released an analysis of nearly 6 million…
F5 Labs has released a new proof-of-concept (PoC) tool designed to help organizations detect servers…
The healthcare sector has emerged as a prime target for cyber attackers, driven by the…
Security researchers have disclosed a chain of critical vulnerabilities affecting SysAid ITSM’s On-Premise solution, enabling…