Cybersecurity specialists report the detection of two critical vulnerabilities in some router models manufactured by the technology firm TP-Link. According to the report, successful exploitation of these flaws would allow threat actors to deploy all kinds of attacks against vulnerable systems.

Below are brief descriptions of the reported flaws, in addition to their respective tracking keys and scores according to the Common Vulnerability Scoring System (CVSS).

CVE-2021-35004: A boundary error within the handling of DNS responses for TP-Link TL-WA1201 routers would allow remote non-authenticated threat actors to send specially crafted DNS messages, thus triggering a stack-based overflow and running arbitrary code on the affected system.

This is a medium-severity flaw that received a CVSS score of 7.7/10 and resides in all versions of the affected router below v2.

CVE-2021-35003: On the other hand, a boundary error within the handling of DNS responses for TP-Link Archer C90 routers would allow malicious remote hackers to send specially crafted DNS messages and run arbitrary code on the affected system.  

The vulnerability received a CVSS score of 8.5/10 and resides in all versions of Archer C90 routers below v6.

While both flaws can be exploited by unauthenticated remote threat actors, cybersecurity experts have not detected active exploitation attempts related to these reports. Still, TP-Link recommends users of affected deployments upgrade as soon as possible.

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.

The post Critical remote code execution vulnerabilities in TP-Link Archer C90 and TL-WA1201 routers appeared first on Information Security Newspaper | Hacking News.

source

You May Also Like

KCodes NetUSB kernel RCE vulnerability impacts millions of routers

SentinelOne cybersecurity specialists report the detection of CVE-2021-45388, a severe remote code…

Critical vulnerability in Hewlett Packard Enterprise products exposes affected systems to hackers

Hewlett Packard Enterprise (HPE) has issued a security alert inviting its users…

13 important vulnerabilities affecting SAP environmental compliance. Update immediately

In its latest security update, SAP announced the patching of a total…