Flaws in Wavlink-branded devices allow remote code execution and, if necessary, take control of a home network. These products are to be avoided.
The website cybernews.com has just revealed critical flaws in a whole series of Wavlink branded Wi-Fi routers. Of Chinese origin, these entry-level devices are sold among others on Amazon and eBay. In the United States, they are also available at Walmart under the Jetstream brand.
The flaws allow executing an arbitrary code on the router from the moment the user is connected to it. Granted, it doesn’t happen every day to connect to your router, but security researchers point out that the hacker can program an endless loop of requests that automates things. Then you just have to wait.
This hack is possible due to undocumented access that was intentionally created to execute code remotely. In other words, it is a back door. Why does it exist? Hard to say. Given the abysmal quality of the code found elsewhere on this router, this is probably an error. Either way, this allows hackers to potentially take control of a home network. These devices are therefore to be forgotten.
Source : cybernews.com