According to PTA Advisory, security flaws in Netcomm and TP-Link routers have been discovered, some of which could be exploited to achieve remote code execution.
Two vulnerabilities in Netcomm routers have been discovered, which could lead to remote code execution (CVE-2022-4873 and CVE-2022-4874). Among these are a stack-based buffer overflow and authentication bypass.
Similarly, two unpatched security vulnerabilities in TP-Link routers have been reported, which could result in information disclosure (CVE-2022-4499) and remote code execution (CVE-2022- 4498).
PTA has advised customers to update their Netcomm and TP-Link routers to the most recent firmware versions in order to mitigate the vulnerabilities, as well as to use secure and complex passwords for router login.
The PTA suggests regularly monitoring network traffic for suspicious activity and using strong and unique passwords for the router’s admin account.
The advisory recommends that consumers disable remote management on their routers if it is not required and report any incidents to the PTA CERT Portal.