TP-Link TL-WR840N V5 V6.20 UART shell
Obtaining root privileges on devices with physical access can be complicated and simple.
A hardware manufacturer is expected to disable hardware debugging interfaces in the end product of commercial products. Unfortunately, many manufacturers do not do this. It would be good to get manufacturers to pay more attention to security.
UART is also one such interface. It is a security issue in itself if it remains enabled. So-called UART shells can be restricted in many ways. It is recommended to set at least password protection.
For a long time, I thought it was not worth reporting such vulnerabilities because in most cases no one cares.
I have noticed that such vulnerabilities in network devices such as routers have recently begun to be reported. (Example: https://nvd.nist.gov/vuln/detail/CVE-2021-23147)
TP-Link TLWR840N EU v5/v.620 does not have sufficient protection for the UART console. A malicious actor with physical access to the device is able to connect to the UART port via a serial connection and execute commands as the root user without authentication.
Model: TP-Link TL-WR840N EU v5Model: TP-Link TL-WR840N EU v6.20
Hardware setup with an FT232 device:
interactive admin/root shell without password:
