Best-selling router ships with vulnerable firmware

Researchers at CyberNews have uncovered security flaws within the default firmware and the web interface app of the TP-Link AC1200 Archer C50 (v6) router. The router -- an 'Amazon's Choice' product -- is shipped with outdated firmware that is vulnerable to dozens of known security flaws and could put users at risk of man-in-the-middle and Denial of Service attacks. Among the flaws WPS is enabled by default, potentially allowing threat actors to brute-force the router. Session tokens are not deleted server-side after logging out of the router app and are accepted for subsequent login procedures. The router's administrator credentials and… [Continue Reading]