Comment by jeroenhd

4 years ago

From my experience with TP-LINK software, you don't need to worry about this attack. The attack demonstrated is complex, requires physical proximity and a lot of knowledge about the target.

Meanwhile, your router will probably give any attacker root if they ask it nicely. TP-Link doesn't seem to care about device security at all if you've already paid for the device, so don't expect any updates and expect a whole range of vulnerabilities to be exploitable against your router.

Now, it must be said, TP-Link is no D-Link, a company that almost seems to add security problems to their software intentionally with their awful software quality, but if you're conscious about security, any consumer device will probably have a whole bunch of exploits that would work easier and more reliably.

EDIT: replaced the word "access" with "proximity" to avoid confusion.

> requires physical access

What? You just need a high enough gain antenna and you can carry it out much further away than it appears your wifi reaches. Isn't physical access being able to touch the computer?

  • I suppose I used the term wrong, but you do need to be within receiving range and depending on the attack you need to win a race condition, so it's not that far from the generally accepted use of "physical access".

    Meanwhile, many consumer routers can be hacked by adding something similar to <img src=192.168.1.1/admin/changesettings.cgi/> to a page or malicious ad. I don't think general consumers should be worried about someone aiming a high gain antenna at your router unless you work at a company dealing with sensitive information or places like embassies. The alternatives are much easier and much cheaper to execute.

    • Quite a few people are working from home these days. Stuff that used to be contained in hardwired office PCs is now flying over home WiFi.