According to PTA Advisory, security vulnerabilities have been disclosed in Netcomm and TP-Link routers, some of which could be weaponized to achieve remote code execution.
Two vulnerabilities have been discovered in Netcomm routers that could lead to remote code execution (CVE-2022-4873 and CVE-2022-4874). These include a case of stack-based buffer overflow and authentication bypass.
Similarly, two unpatched security vulnerabilities have also been reported in TP-Link routers that could lead to information disclosure (CVE-2022-4499) and remote code execution (CVE-2022-
PTA has asked consumers to update their Netcomm and TP-Link routers to the latest firmware versions to mitigate the vulnerabilities and to use secure and complex credentials for the router’s login.
The PTA has recommended regularly monitoring the network traffic and looking out for any suspicious activities and using strong and unique passwords for the router’s admin account.
The advisory has suggested that consumers disable remote management on their router, if not required, and to report PTA CERT Portal in case of any incident.