The Computer Emergency Response Team (CERT), functioning under the State Agency for Special Communications and Information Security of the Special State Protection Service of Azerbaijan, has issued a warning to users of TP-LINK routers, according to an announcement from CERT shared on Wednesday.
According to the announcement, TP-LINK routers contain a backdoor that gives hackers a simple and effective means of unauthorized access to user devices. A user sends an HTTP request to the following address: http://192.168.0.1/userRpmNatDebugRpm26525557/start_art.html
The router then connects to the IP address that made the request and tries to find a TFTP server.
If a TFTP server is found, the router downloads the file "nart.out". The downloaded file is run with root privileges. The backdoor affects the following router models: TL-WDR4300, TL-WR743ND (v1.2, v2.0). However, this list may be incomplete.
According to CERT, the vulnerability has not yet been resolved.
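The sequence described above leaves two observable network events: an HTTP request for the debug page, followed by a TFTP read request for "nart.out" sent from the router to the requester. The following Python code is an added detection example, not code from CERT or TP-LINK, that correlates the two. The log format (common log format from a proxy or sensor), the packet tuple layout, the function names and all sample data are constructed assumptions.

```python
import re
import struct

# Indicators taken from the announcement text.
DEBUG_PATH = "/userRpmNatDebugRpm26525557/start_art.html"
PAYLOAD_NAME = "nart.out"
# Assumed log format: common log format, client IP first, request line in quotes.
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample data (not real captures): HTTP log lines and UDP/69 packets.
SAMPLE_LOG = [
    '192.168.0.50 - - [01/Jan/2013:10:00:00 +0000] "GET /userRpmNatDebugRpm26525557/start_art.html HTTP/1.1" 200 512',
    '192.168.0.51 - - [01/Jan/2013:10:00:05 +0000] "GET /index.html HTTP/1.1" 200 1024',
]
SAMPLE_UDP = [  # (src_ip, dst_ip, payload)
    ("192.168.0.1", "192.168.0.50", b"\x00\x01nart.out\x00octet\x00"),
    ("192.168.0.1", "192.168.0.51", b"\x00\x01config.bin\x00octet\x00"),
]

def http_hits(log_lines):
    """Return client IPs that requested the debug page (query string ignored)."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.match(line)
        if m and m.group(2).split("?", 1)[0] == DEBUG_PATH:
            hits.append(m.group(1))
    return hits

def parse_tftp_rrq(payload):
    """Return the filename of a TFTP read request (RFC 1350, opcode 1), else None."""
    if len(payload) < 4:
        return None
    (opcode,) = struct.unpack("!H", payload[:2])
    parts = payload[2:].split(b"\x00")  # expected layout: filename NUL mode NUL
    if opcode != 1 or len(parts) < 3 or not parts[0]:
        return None
    return parts[0].decode("ascii", "replace")

def correlate(log_lines, udp69_packets, router_ip):
    """Flag requesters of the debug page that the router then asked for nart.out."""
    requesters = set(http_hits(log_lines))
    alerts = []
    for src, dst, payload in udp69_packets:
        name = parse_tftp_rrq(payload)
        if src == router_ip and dst in requesters and name and name.rsplit("/", 1)[-1] == PAYLOAD_NAME:
            alerts.append((dst, name))
    return alerts

if __name__ == "__main__":
    print(correlate(SAMPLE_LOG, SAMPLE_UDP, "192.168.0.1"))
```

Either event alone is worth reviewing; the correlation marks the case where the router actually attempted the download.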