These Wi-Fi extenders had vulnerabilities that gave hackers complete control

If you’re using one of these TP-Link Wi-Fi extenders, patch your device.

Alfred Ng Senior Reporter / CNET News
Alfred Ng was a senior reporter for CNET News. He was raised in Brooklyn and previously worked on the New York Daily News's social media and breaking news teams.
Alfred Ng
2 min read

The TP-Link RE650 Wi-Fi range extender (right) works with routers such as the TP-Link Archer C2300 (left). The RE650 is one of four Wi-Fi extenders affected by a security vulnerability, researchers say.


Extending your Wi-Fi range could also extend your chance of getting hacked. Security researchers from IBM  have found a critical vulnerability with Wi-Fi extenders from TP-Link, a popular router company. 

The vulnerability allowed a potential attacker to get control of the extender, which could be used to redirect the victim's traffic and lead people to malware, IBM said in a blog post Tuesday.

Wi-Fi extenders are commonly used in homes where the router's range can't cover the entire house. They boost signals so that people can use their devices or connect internet-of-things gadgets like security cameras and doorbells from far away. But like routers, they're open to vulnerabilities and require maintenance and patching if you want to keep your network secure.

Locating local internet providers

The extenders affected by the vulnerability included the RE365, the RE650, the RE350 and RE500, IBM said. The flaw was discovered by Grzegorz Wypych, an IBM X-Force researcher. IBM said TP-Link has released updates for affected users. 

TP-Link didn't respond to a request for comment.

Locating local internet providers

Watch this: Finding our personal data on the dark web was far too easy

The potential attacker doesn't need to be within the extender's Wi-Fi range to exploit the vulnerability, Limor Kessem, IBM X-Force's global executive security adviser, said in an email.

The attack works by sending a malicious HTTP request to the Wi-Fi extender. The vulnerability on TP-Link's Wi-Fi extender allows a potential attack to execute commands from the request. This access is normally limited, IBM explained.

The attacker would need to know the extender's IP address to exploit the vulnerability, but you can find thousands of exposed devices on IoT search engines like Shodan

"Bear in mind that this level of privilege could allow potential attackers to carry out more sophisticated malicious activity by executing any shell command on the device's operating system," Kessem said in an email.

Potential attacks include redirecting people to pages with malware, as well as taking over the routers to use as part of a botnet.

Meet the Wi-Fi 6 routers that support 802.11ax

See all photos