Deco P9 PLC security issue

Deco P9 PLC security issue

Deco P9 PLC security issue
Deco P9 PLC security issue
a week ago - last edited Yesterday
Model: Deco P9  
Hardware Version: V2
Firmware Version: 1.2.1_build_20240929_Beta

Deco p9 doesn't set random password for PLC encryption during device pairing.

Default password is used to encrypt PLC communcations.

 

This is severe security issue. Traffic between Deco P9 which are using PLC backhaul can be eavesedropped.

@David-TP 

 

Please address this issue to your dev team... this must be fixed.

  1      
  1      
#1
Options
1 Accepted Solution
Re:Deco P9 PLC security issue-Solution
Friday - last edited Yesterday

  @kld39 

Hi, Nice to see you again, and Thank you for your time and patience.

I have consulted the senior engineers and they are confident that there isn't any security concern about the PLC communications. We haven't received any similar feedback either.  So please make sure your current firmware is up-to-date and if you already noticed any potential risk, please feel free to contact our security team:

https://www.tp-link.com/en/press/security-advisory/

 

Thanks again and best regards.

Recommended Solution
  1  
  1  
#2
Options
1 Reply
Re:Deco P9 PLC security issue-Solution
Friday - last edited Yesterday

  @kld39 

Hi, Nice to see you again, and Thank you for your time and patience.

I have consulted the senior engineers and they are confident that there isn't any security concern about the PLC communications. We haven't received any similar feedback either.  So please make sure your current firmware is up-to-date and if you already noticed any potential risk, please feel free to contact our security team:

https://www.tp-link.com/en/press/security-advisory/

 

Thanks again and best regards.

Recommended Solution
  1  
  1  
#2
Options