Security experts in Poland have discovered a treacherous backdoor in various router models made by TP-Link. When a specially crafted URL is called, the router will respond by downloading and executing a file from the accessing computer, reports Michał Sajdak from Securitum.
The expert says that when a browser sends an HTTP GET request to http://192.168.0.1/userRpmNatDebugRpm26525557/start_art.html, the contacted router will establish a connection back to the visitor's IP and contact any TFTP server there. It will retrieve a file called nart.out from the TFTP server and execute it as root. However, this normally only works within a local network; an indirect exploit such as a CSRF attack should fail because the required TFTP server must be accessible within the LAN.
http://www.h-online.com/security/ne...ackdoor-found-in-TP-Link-routers-1822720.html
At least it isn't accessible from the WAN!
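Detection logic for the behaviour described in the quoted report, as an added example that is not part of the original post or the article: it flags the trigger URL in HTTP request logs and recognises a TFTP read request for nart.out. The Common Log Format input, the sample lines and all function names are assumptions made for illustration.

```python
import re
import struct

# Indicators taken from the report quoted above.
TRIGGER_PATH = "/userRpmNatDebugRpm26525557/start_art.html"
PAYLOAD_NAME = "nart.out"
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<path>\S+) HTTP/[\d.]+"')

# Constructed sample data (not captured traffic): two proxy log lines and one UDP/69 payload.
SAMPLE_LOG = [
    '192.168.0.23 - - [01/Jan/2013:10:00:00 +0000] "GET /index.html HTTP/1.1" 200 512',
    '192.168.0.23 - - [01/Jan/2013:10:00:05 +0000] "GET /userRpmNatDebugRpm26525557/start_art.html HTTP/1.1" 200 64',
]
SAMPLE_RRQ = b"\x00\x01" + b"nart.out\x00octet\x00"

def http_trigger_hits(log_lines):
    """Return log lines whose request path (query string ignored) is the trigger URL."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.search(line)
        # Case-insensitive match is a deliberate over-approximation for detection.
        if m and m.group("path").split("?", 1)[0].lower() == TRIGGER_PATH.lower():
            hits.append(line)
    return hits

def parse_tftp_rrq(payload):
    """Parse a TFTP read request (RFC 1350: opcode 1, filename NUL, mode NUL); None if not one."""
    if len(payload) < 4 or struct.unpack("!H", payload[:2])[0] != 1:
        return None
    parts = payload[2:].split(b"\x00")
    if len(parts) < 3 or not parts[0]:  # both strings must be NUL-terminated
        return None
    return parts[0].decode("ascii", "replace"), parts[1].decode("ascii", "replace").lower()

def is_backdoor_fetch(payload):
    """True when the payload is a read request whose file name is nart.out."""
    rrq = parse_tftp_rrq(payload)
    return rrq is not None and rrq[0].replace("\\", "/").rsplit("/", 1)[-1].lower() == PAYLOAD_NAME

if __name__ == "__main__":
    print(http_trigger_hits(SAMPLE_LOG))
    print(is_backdoor_fetch(SAMPLE_RRQ))
```

A TFTP read request for nart.out that originates from the router's own address shortly after an HTTP hit on the trigger path is the combination worth alerting on.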