DECO M4 are vulnerable

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

DECO M4 are vulnerable

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
DECO M4 are vulnerable
DECO M4 are vulnerable
2021-04-11 06:47:07 - last edited 2021-06-30 08:25:16
Model: Deco M4  
Hardware Version:
Firmware Version:

Hi All
I recently purchased this DECO 4 and setup as a access point and also checked for any firmware uptes and there werent any. Then i performed vulnerability assessment tests on them and found the following vulnerbilities
1. Dropbear SSH Server < 2016.72 Multiple Vulnerabilities
2. SSL Medium Strength Cipher Suites Supported (SWEET32)
3. SSL RC4 Cipher Suites Supported (Bar Mitzvah)
4. TLS Version 1.0 Protocol Detection
5. Transport Layer Security (TLS) Protocol CRIME Vulnerability
6. SSL Certificate Chain Contains RSA Keys Less Than 2048 bits

Kindly let me know how can we fix this as these can be exploited by a attacker.

Regards
Chaitanya

  0      
  0      
#1
Options
1 Accepted Solution
Re:DECO M4 are vulnerable-Solution
2021-06-30 08:25:11 - last edited 2021-06-30 08:25:16

Hi @AndyCx and all, 

 

The vulnerabilities reported on this thread should have been fixed on the latest official firmware, you can update your Deco device to the latest version to confirm.

 

The latest official firmware for the Deco M4 is 1.5.0_20210511, which can be downloaded from the TP-Link official website:

Download for Deco M4

 

 

Recommended Solution
  0  
  0  
#6
Options
5 Reply
Re:DECO M4 are vulnerable
2021-04-12 01:51:24

@TaurusMF 

Hi, thank you very much for your kind feedback.

I would be glad to forward your case to the senior engineers for further assistance and please have a check of your email box later;

Thanks a lot.

  0  
  0  
#2
Options
Re:DECO M4 are vulnerable
2021-06-01 08:10:56

@TP-Link I have also found the same about the security of deco M4 , can you explain it to me

TP-Link wrote

@TaurusMF 

Hi, thank you very much for your kind feedback.

I would be glad to forward your case to the senior engineers for further assistance and please have a check of your email box later;

Thanks a lot.

 

  0  
  0  
#3
Options
Re:DECO M4 are vulnerable
2021-06-01 08:28:03
what tool did you do against your deco - would like to test the x20 as well
  0  
  0  
#4
Options
Re:DECO M4 are vulnerable
2021-06-29 10:52:04

@TP-Link Hi, any update on these M4 vulnerabilities?

  0  
  0  
#5
Options
Re:DECO M4 are vulnerable-Solution
2021-06-30 08:25:11 - last edited 2021-06-30 08:25:16

Hi @AndyCx and all, 

 

The vulnerabilities reported on this thread should have been fixed on the latest official firmware, you can update your Deco device to the latest version to confirm.

 

The latest official firmware for the Deco M4 is 1.5.0_20210511, which can be downloaded from the TP-Link official website:

Download for Deco M4

 

 

Recommended Solution
  0  
  0  
#6
Options

Information

Helpful: 0

Views: 2489

Replies: 5

Related Articles