Technical analysis by the Malware Hunter JAMESWT

TP-Link routers have an active backdoor, at least on two models, thanks to a Wi-Fi network with hidden SSID, created by the device in client mode. This acts as a bridge to access it

Do TP-Link routers and access points have a backdoor, which allows a remote attacker to access and take control of them in just a few steps? At least two models of the device, TL-WA701ND and TL-WR802N, in client mode create a Wi-Fi network with hidden SSID. This can act as a bridge to the victim’s “clear” one, thus becoming a backdoor. Moreover, this happens whether they have the original firmware or updated. It is unclear whether the issue also affects other device models. It is certain, however, that it is still active, despite being present since the release of the TL-WA701ND.

The two models with the backdoor

The client mode with the backdoor