Cyber Security News

Hackers Target TP-Link Vulnerability to Gain Full System Control

Hackers exploit a vulnerability in TP-Link routers, specifically the TL-WR845N model, to gain full control over the system.

This exploit allows unauthorized users to access the root shell credentials, giving them unrestricted access to manipulate and control the router.

Here is a summary of the affected product and how the vulnerability can be exploited:

Affected Product Details

Product InformationDetails
ManufacturerTP-Link
ModelTL-WR845N
Firmware Versions AffectedTL-WR845N(UN)_V4_190219, TL-WR845N(UN)_V4_200909, TL-WR845N(UN)_V4_201214
Vulnerability ExploitedWeak root shell credentials

The vulnerability allows hackers to extract the root shell credentials from the router’s firmware.

The firmware can be obtained either by physically accessing the router’s SPI Flash memory or by downloading it from TP-Link’s official website.

Once extracted, tools such as binwalk or FirmAudit can be used to analyze the firmware and extract files.

The root password is stored in MD5 hash format in the squashfs-root/etc/passwd and squashfs-root/etc/passwd.bak files.

This hashed password can be easily cracked using tools like hashcat or John the Ripper to reveal the password as “1234.” The username, “admin,” is stored in plain text.

Steps to Exploit the Vulnerability

  1. Obtain Firmware: Get the firmware either through SPI Flash memory or download from the official website.
  2. Extract Files: Use tools like binwalk to extract files from the firmware. Command: $ binwalk -e firmware.bin
  3. Access Credentials: Go to the squashfs-root/etc directory and find the passwd and passwd.bak files.
  4. Reveal Credentials: Use commands like $ cat passwd or $ cat passwd.bak to view the username and hashed password.
  5. Crack Password: Use tools like hashcat or John the Ripper to crack the MD5 hashed password, which reveals as “1234.”
  6. Validate Credentials: Use UART port communication to validate the credentials by entering the login command and providing the username and password.

This vulnerability poses significant risks as it allows malicious actors to gain full control over the router, potentially leading to unauthorized access, data theft, and even the spread of malware.

Recommendations:

  • Users are advised to update their firmware as soon as an updated version is available.
  • Implement robust security practices, such as using strong passwords and enabling WPA3 encryption.
  • Regularly monitor router activity for suspicious behavior.

This exploit highlights the importance of regularly updating router firmware and maintaining strong security protocols in networks.

Users should remain vigilant and adopt best practices to protect their devices from similar vulnerabilities.

Are you from SOC/DFIR Teams? – Analyse Malware Incidents & get live Access with ANY.RUN -> Start Now for Free. 

Divya

Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Recent Posts

Zero-Trust Policy Bypass Enables Exploitation of Vulnerabilities and Manipulation of NHI Secrets

A new project has exposed a critical attack vector that exploits protocol vulnerabilities to disrupt…

2 days ago

Threat Actor Sells Burger King Backup System RCE Vulnerability for $4,000

A threat actor known as #LongNight has reportedly put up for sale remote code execution…

2 days ago

Chinese Nexus Hackers Exploit Ivanti Endpoint Manager Mobile Vulnerability

Ivanti disclosed two critical vulnerabilities, identified as CVE-2025-4427 and CVE-2025-4428, affecting Ivanti Endpoint Manager Mobile…

2 days ago

Hackers Target macOS Users with Fake Ledger Apps to Deploy Malware

Hackers are increasingly targeting macOS users with malicious clones of Ledger Live, the popular application…

2 days ago

EU Targets Stark Industries in Cyberattack Sanctions Crackdown

The European Union has escalated its response to Russia’s ongoing campaign of hybrid threats, announcing…

2 days ago

Venice.ai’s Unrestricted Access Sparks Concerns Over AI-Driven Cyber Threats

Venice.ai has rapidly emerged as a disruptive force in the AI landscape, positioning itself as…

2 days ago