Researchers found that there are thousands of TP-Link routers used all over the globe that are vulnerable to exploitation by several hacking groups.
Hackers from the following countries may be able to exploit these vulnerable routers in order to steal information:-
In order to exploit TP-Link routers, hackers can use the following methods in a collaborative effort:-
- RCE vulnerability (CVE-2022-30075 with CVSS Score:8.8)
- Credential leaks
On the Russian dark web forums, these loopholes are being offered for sale openly for illicit purposes. Threat actor groups and cybercriminals could also exploit the vulnerability of TP-Link routers to launch severe cyberattacks against vulnerable networks.
Tools & Exploits in Dark Web Forums
There have been several reports of hackers working with other hackers around the world to exploit the RCE (CVE-2022-30075) to gain access to the TP-Link system.
There have been a number of reports of leaked credentials of TP-Link products being sold on the dark web in Russian forums.
Hackers can abuse them to gain access to vulnerable devices and exploit the underlying vulnerabilities to gain unauthorized access.
TP-Link Router AX50 firmware 210730 and older versions have recently been found to be vulnerable to a critical RCE flaw discovered two months ago.
According to the Cyfirma report shared with Cyber Security News, This is a web-based attack, associated with CVE-2022-30075, where a malicious backup file is imported through a web interface. A backup and restore functionality flaw could allow an attacker to exploit the vulnerability and carry out an RCE attack.
- CVE ID: CVE-2022-30075
- Description: Authenticated Remote Code Execution Vulnerability in TP-Link routers.
- CVSS Score: 8.8
- Exploits: Link (June 2022)
As a result of this vulnerability, different law enforcement agencies have released various advisories, and here they are mentioned below:-
- In a report published on 13 June 2022, CISA outlined the vulnerability but did not assign it a CVSS score.
- Under the category of “Other Vulnerabilities,” Sing CERT published about this flaw on 22 June 2022 with a CVSS Score of 8.8.
- CERT-IN notified publicly on 01 September 2022 that TP-Link routers are vulnerable to a “Critical” flaw and exploitable to arbitrary code execution.
TP-Link routers, in many cases, are still unpatched for the vulnerabilities that have already been identified in them.
However, for now, it is not possible at this stage to isolate any specific group of cybercriminals who exploit these routers.
The vulnerability of the TP-Link routers could be exploited by an attacker from a country with a bad reputation for relations with other nations in order to launch a cyberattack against them.
While having a footprint on such vulnerable devices is necessary for it to be possible to make this kind of action.
But, security experts have strongly urged users to immediately patch their vulnerable TP-Link routers and their software to the most recent version.
Cyber Attack with Zero Trust Networking – Download Free E-Book