ER605 Standalone Configuration & Reported Nessus Vulnerability
What a breeze to set up. Alot of functionality. I installed it as the boundary router for the incoming WAN and daisy chained my NETGEAR R6260 behind it with it's WAN pointing to the ER605 LAN. This setup increased the stability & performance of my network with zero buffering now during media streaming on all 3 of my Firesticks and the 14 other hosts on my network. Amazing little router.
The only issue is that the NESSUS vulnerability scan shows the following critical finding on the ER605: Plugin ID 150154 NGINX 1 Byte Memory Overwrite RCE with known exploitations.
I contacted TP-Link Support about this issue and asked about updating nginx to the latest version which is the reported solution. I'm hopeful they can address this in a future firmware release.
These are the Nessus findings that could be resolved if they can update nginx to the latest release:
CRITICAL / Plugin ID 150154 / nginx 0.6x < 1.20.1 1-Byte Memory Overwrite RCE
HIGH / Plugin ID 118150 / nginx < 1.10.1 / 1.11.x < 1.11.1 Denial-of-Service Vulnerability
HIGH / Plugin ID 118151 / nginx Data Disclosure Vulnerability
MEDIUM / Plugin ID 118956 / nginx 1.x < 1.14.1 / 1.15.x < 1.15.6 Mulitple Vulnerabilities
MEDIUM / Plugin ID 134220 / nginx < 1.17.7 Information Disclosure
Nessus scores the CRITICAL Byte Memory Overwrite RCE vulnerability as the most dangerous to network security with the ER605.
**** UPDATE: Tech Support responded back about this issue and advised that the ER605 is unaffected by this vulnerability but that they would patch NGINX in the February firmware upgrade anyway ****