Deco P9 PLC security issue

Deco P9 PLC security issue

Deco P9 PLC security issue
Deco P9 PLC security issue
2024-11-11 13:49:01 - last edited 2024-11-21 00:32:39
Model: Deco P9  
Hardware Version: V2
Firmware Version: 1.2.1_build_20240929_Beta

Deco p9 doesn't set random password for PLC encryption during device pairing.

Default password is used to encrypt PLC communcations.

 

This is severe security issue. Traffic between Deco P9 which are using PLC backhaul can be eavesedropped.

@David-TP 

 

Please address this issue to your dev team... this must be fixed.

  1      
  1      
#1
Options
1 Accepted Solution
Re:Deco P9 PLC security issue-Solution
2024-11-15 09:37:51 - last edited 2024-11-21 00:32:39

  @kld39 

Hi, Nice to see you again, and Thank you for your time and patience.

I have consulted the senior engineers and they are confident that there isn't any security concern about the PLC communications. We haven't received any similar feedback either.  So please make sure your current firmware is up-to-date and if you already noticed any potential risk, please feel free to contact our security team:

https://www.tp-link.com/en/press/security-advisory/

 

Thanks again and best regards.

Recommended Solution
  1  
  1  
#2
Options
1 Reply
Re:Deco P9 PLC security issue-Solution
2024-11-15 09:37:51 - last edited 2024-11-21 00:32:39

  @kld39 

Hi, Nice to see you again, and Thank you for your time and patience.

I have consulted the senior engineers and they are confident that there isn't any security concern about the PLC communications. We haven't received any similar feedback either.  So please make sure your current firmware is up-to-date and if you already noticed any potential risk, please feel free to contact our security team:

https://www.tp-link.com/en/press/security-advisory/

 

Thanks again and best regards.

Recommended Solution
  1  
  1  
#2
Options