that got attacker admin rights
TP-Link has repaired a leak in its Archer routers. This made it possible to change the configuration of the device. IBM researchers have discovered the leak and call it a ‘zero day’, but there is no evidence that the leak has been actively abused.

The leak gets the designation CVE_2017_7405. The vulnerability was discovered by IBM security researchers and applies to the Archer C5 routers of TP-Link, with firmware version 16.0 0.9.1 v600c.0 Build 180124 Rel.28919n. According to the researchers, it is possible to get on the router via Telnet and then exploit the leak. Attackers can get into the network from a distance and move through the network. Attackers can also get on ftp servers. The attackers could get admin rights on the router with the vulnerability.

It’s an overflow vulnerability. If an attacker entered a password that had a certain length, the password field was replaced by an empty value that was always accepted. In addition, users could only log in to the router as admin with root rights, giving an attacker a lot of possibilities in the system.

IBM calls the leak a zeroday, but does not give examples of where the leak was actively abused. TP-Link has now released a patch that will close the leak.