Several TP-Link Wi-Fi routers are reportedly being flagged by the Indian government due to their firmware, which is vulnerable to several security issues.
Due to the security risk impacting TP-Link routers, attackers could circumvent current security measures, giving them complete control over these devices. According to ONEKEY, a cybersecurity company based in Germany, remote, unauthenticated attackers can obtain elevated rights on the device and execute arbitrary commands.
The Indian Computer Emergency Response Team advisory said TP-Link routers are vulnerable because unique parts utilized in the binary known as test were not correctly neutralized. This binary exposes a network service susceptible to unauthenticated command injection.
Since it was also using firmware version 1_1.1.6, the TP-Link Archer C5400X gaming router was found to pose a real security risk. According to reports, updating to the most recent firmware version should resolve the issue with TP-Link routers.
Norway's Warning on VPNs
Governments worldwide continue to heed warnings concerning various cybersecurity-related software and infrastructure. According to the Norwegian National Cyber Security Centre, SSLVPN/WebVPN solutions should be replaced by organizations with safer alternatives after multiple cyberattacks proved to be the cause of these vulnerabilities.
The NCSC officially advises SSL VPN/WebVPN product customers to convert to IPsec with Internet Key Exchange (IKEv2) instead of Internet Protocol Security (IPsec).
SSL/TLS protocols, SSL VPN, and WebVPN offer secure remote access to a network via the internet. An "encryption tunnel" secures the link between the user's device and the VPN server. IPsec with IKEv2 encrypts and authenticates every packet with frequently renewed essential keys to secure connections.
The cybersecurity organization believes switching to IPsec with IKEv2 would significantly lower the attack surface for incidents involving secure remote access because it is less forgiving of configuration errors than SSLVPN.
Several additional countries, including the United States and the United Kingdom, have recommended IPsec over competing protocols. The NCSC suggests moving to 5G broadband in scenarios where IPsec connections are not feasible.
For companies whose VPN solutions do not support IPsec with IKEv2, the NCSC has also provided temporary alternatives. These firms require time to plan and carry out the conversion.
Wi-Fi Security Tips
Virgin Media previously suggested that users thoroughly examine their routers to guarantee optimal security and effectiveness. Virgin Media also advised users to position their routers away from shared walls, ensuring the signal remains within their household.
The placement of the Wi-Fi router is one of the fundamental aspects often overlooked. This simple adjustment minimizes the risk of unauthorized access and enhances network security. Changing Wi-Fi passwords regularly also provides an essential defense against unauthorized access.
Virgin Media also advised using a combination of characters to create strong passwords. Changing the network's name, or SSID, can also add an extra layer of security, making it less recognizable to potential intruders.