DECO M4 are vulnerable
Hi All
I recently purchased this DECO 4 and setup as a access point and also checked for any firmware uptes and there werent any. Then i performed vulnerability assessment tests on them and found the following vulnerbilities
1. Dropbear SSH Server < 2016.72 Multiple Vulnerabilities
2. SSL Medium Strength Cipher Suites Supported (SWEET32)
3. SSL RC4 Cipher Suites Supported (Bar Mitzvah)
4. TLS Version 1.0 Protocol Detection
5. Transport Layer Security (TLS) Protocol CRIME Vulnerability
6. SSL Certificate Chain Contains RSA Keys Less Than 2048 bits
Kindly let me know how can we fix this as these can be exploited by a attacker.
Regards
Chaitanya
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
Hi @AndyCx and all,
The vulnerabilities reported on this thread should have been fixed on the latest official firmware, you can update your Deco device to the latest version to confirm.
The latest official firmware for the Deco M4 is 1.5.0_20210511, which can be downloaded from the TP-Link official website:
- Copy Link
- Report Inappropriate Content
Hi, thank you very much for your kind feedback.
I would be glad to forward your case to the senior engineers for further assistance and please have a check of your email box later;
Thanks a lot.
- Copy Link
- Report Inappropriate Content
@TP-Link I have also found the same about the security of deco M4 , can you explain it to me
TP-Link wrote
Hi, thank you very much for your kind feedback.
I would be glad to forward your case to the senior engineers for further assistance and please have a check of your email box later;
Thanks a lot.
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
@TP-Link Hi, any update on these M4 vulnerabilities?
- Copy Link
- Report Inappropriate Content
Hi @AndyCx and all,
The vulnerabilities reported on this thread should have been fixed on the latest official firmware, you can update your Deco device to the latest version to confirm.
The latest official firmware for the Deco M4 is 1.5.0_20210511, which can be downloaded from the TP-Link official website:
- Copy Link
- Report Inappropriate Content
Information
Helpful: 0
Views: 2454
Replies: 5
Voters 0
No one has voted for it yet.