Debugging shell with root privileges in routers TP-Link WR740
There is a hidden debugging shell with root privileges in routers TP-Link WR740.
|Models:||WDR740N, WDR740ND and possibly others
Update: People have been reporting on forums that models WR743ND,WR842ND,WA-901ND,WR941N,WR941ND,WR1043ND,WR2543ND,MR3220,MR3020,WR841N also have access to this root shell.
|Firmware version:||3.12.11 Build 111130 Rel.55312n and possibly others|
|Impact:||Debugging shell with root privileges.|
|Attack vector:||Local and remote.|
TP-Link WDR740ND/WDR740N routers have a hidden debugging shell with root privileges that could be abused by attackers.
The username is hard coded in the HTTP server binary and the password cannot be changed from the management interface so the following credentials are almost guaranteed to work:
Using this shell attackers may add malicious routing rules or change configuration files.
Go to http://ip/userRpmNatDebugRpm26525557/linux_cmdline.html and enter the credentials "osteam:5up"