Hackers exploit a vulnerability in TP-Link routers, specifically the TL-WR845N model, to gain full control over the system.
This exploit allows unauthorized users to access the root shell credentials, giving them unrestricted access to manipulate and control the router.
Here is a summary of the affected product and how the vulnerability can be exploited:
Product Information | Details |
Manufacturer | TP-Link |
Model | TL-WR845N |
Firmware Versions Affected | TL-WR845N(UN)_V4_190219, TL-WR845N(UN)_V4_200909, TL-WR845N(UN)_V4_201214 |
Vulnerability Exploited | Weak root shell credentials |
The vulnerability allows hackers to extract the root shell credentials from the router’s firmware.
The firmware can be obtained either by physically accessing the router’s SPI Flash memory or by downloading it from TP-Link’s official website.
Once extracted, tools such as binwalk or FirmAudit can be used to analyze the firmware and extract files.
The root password is stored in MD5 hash format in the squashfs-root/etc/passwd and squashfs-root/etc/passwd.bak files.
This hashed password can be easily cracked using tools like hashcat or John the Ripper to reveal the password as “1234.” The username, “admin,” is stored in plain text.
This vulnerability poses significant risks as it allows malicious actors to gain full control over the router, potentially leading to unauthorized access, data theft, and even the spread of malware.
Recommendations:
This exploit highlights the importance of regularly updating router firmware and maintaining strong security protocols in networks.
Users should remain vigilant and adopt best practices to protect their devices from similar vulnerabilities.
Are you from SOC/DFIR Teams? – Analyse Malware Incidents & get live Access with ANY.RUN -> Start Now for Free.
A new project has exposed a critical attack vector that exploits protocol vulnerabilities to disrupt…
A threat actor known as #LongNight has reportedly put up for sale remote code execution…
Ivanti disclosed two critical vulnerabilities, identified as CVE-2025-4427 and CVE-2025-4428, affecting Ivanti Endpoint Manager Mobile…
Hackers are increasingly targeting macOS users with malicious clones of Ledger Live, the popular application…
The European Union has escalated its response to Russia’s ongoing campaign of hybrid threats, announcing…
Venice.ai has rapidly emerged as a disruptive force in the AI landscape, positioning itself as…