Finding a RCE in my old TP-Link router

8 points by mtlynch

mtlynch

So far, I have not been paid bug bounties for any of the vulnerabilities I have found.

I don't understand the point of reporting this to TP-Link. The attack requires admin privileges, so it's essentially a jailbreak to let the owner run arbitrary software on their own device.

Why do free work for a billion dollar company to restrict how customers can use their own devices?

arcayr

Comment removed by author
untitaker

I'm frankly surprised that TP-Link patched it given that it requires admin privileges. There are a couple unpatched CVEs in some of its routers (not going to link here) that all require admin.

I suspect that either those CVEs were not directly brought up with TP-Link, or that due to the US's recent changes in import restrictions there's much more incentive to fix. Sad times.