From: Dave Taht
Date: Mon, 24 Oct 2022 13:58:18 -0700
To: libreqos@lists.bufferbloat.net
Subject: [LibreQoS] that tp-link eap615-wall unit's CVEs

I briefly took apart the GPL drop tp-link provides for this. I pretty
much do this for every product that I think about using... that has
good, or looking to be good, openwrt support. I've been working
primarily on mt76 derived chipsets, like this one, for the past year.

The GPL drop is corrupt, you cannot get the whole thing (it might be me)

https://www.tp-link.com/us/support/gpl-code/

The gpl drop contains linux-4.4.198, which was released Oct 19th,
2019. There were 279 total releases of 4.4, most of which were CVEs.
Long term support for this kernel was dropped last year.

The libs I was able to see before the tarball went boom were:

    arp                hotplug2-201.test  lzo-2.07        wireless_tools.29
    busybox-1.20.2     iperf-2.0.5        net-snmp-5.7.2  zlib-1.2.7
    dropbear-2018.76   iptables-1.4.5     openssl-1.0.2q
    ebtables-v2.0.9-2  libpcap-1.1.1      tcpdump-4.2.1

There are at least *6* CVEs in userspace, a bunch in busybox and
probably one in ssl, and a couple in dropbear. I didn't check the
others.

https://www.cvedetails.com/vulnerability-list/vendor_id-4282/product_id-7452/year-2019/Busybox-Busybox.html

https://www.cvedetails.com/vulnerability-list/vendor_id-15806/Dropbear-Ssh-Project.html

There doesn't appear to be a local dns server, dnsmasq had a bunch of
CVEs over the years. It's unclear how they would be doing dhcp without
it, unless they are bridging back to the main unit to do that.

Now, at least TP-link has a gpl policy
(https://www.tp-link.com/us/support/gpl-code/) so you can see what
lies underneath (cambium and ubnt since their spat, haven't, and
that's a problem), and sometimes updates their firmware. So I would
actually call this product "good" by modern standards, and if the
cloud controller is any good, perhaps that's the only way to break
into the unit. Note that "if".

We've struggled a lot with the wifi-6 products in openwrt, and this
one is "barely" supported now. The 6ghz stuff has very poor range when
I last looked and I've not had any 6ghz gear to drive tests with until
recently. But at least the openwrt wifi has a pretty decent fq_codel
version in the present release.

In general I recommend folk buying "new" products take a quick look at
the gpl drop to see how "new" they really are.

-- 
This song goes out to all the folk that thought Stadia would work:
https://www.linkedin.com/posts/dtaht_the-mushroom-song-activity-6981366665607352320-FXtz
Dave Täht CEO, TekLibre, LLC
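
Added example, not part of the original message: one way to turn the directory names quoted above into a name/version inventory and flag entries for follow-up. The POLICY_FLOOR values and the status labels are assumptions constructed for illustration; the end of 4.4 long term support is taken from the message.

```python
import re

# Component directories named in the message, plus the kernel it mentions.
LISTING = """arp hotplug2-201.test lzo-2.07 wireless_tools.29 busybox-1.20.2
iperf-2.0.5 net-snmp-5.7.2 zlib-1.2.7 dropbear-2018.76 iptables-1.4.5
openssl-1.0.2q ebtables-v2.0.9-2 libpcap-1.1.1 tcpdump-4.2.1 linux-4.4.198""".split()

# Assumption: floors are the auditor's own policy, constructed for this example.
POLICY_FLOOR = {"busybox": "1.30.0", "dropbear": "2020.81", "openssl": "1.1.1"}
# From the message: long term support for the 4.4 kernel series has ended.
EOL_KERNEL_SERIES = {"4.4"}

_ENTRY = re.compile(r"^(?P<name>.+?)[-.]v?(?P<ver>\d[\w.\-]*)$")

def parse_component(entry):
    """Split 'name-version' / 'name.version' / 'name-vX.Y'; version may be absent."""
    m = _ENTRY.match(entry)
    return (m.group("name"), m.group("ver")) if m else (entry, None)

def version_key(version):
    """Order versions such as 1.0.2q or 2018.76: numeric parts before letter parts."""
    tokens = re.findall(r"\d+|[a-z]+", version.lower())
    return tuple((0, int(t)) if t.isdigit() else (1, t) for t in tokens)

def audit(listing, floors=POLICY_FLOOR, eol_series=EOL_KERNEL_SERIES):
    """Return {name: (version, status)} for every entry in the listing."""
    report = {}
    for entry in listing:
        name, ver = parse_component(entry)
        if ver is None:
            status = "no-version"
        elif name == "linux" and ".".join(ver.split(".")[:2]) in eol_series:
            status = "eol-series"
        elif name in floors:
            below = version_key(ver) < version_key(floors[name])
            status = "below-floor" if below else "ok"
        else:
            status = "unchecked"   # look this name/version up in a CVE database
        report[name] = (ver, status)
    return report

if __name__ == "__main__":
    for name, (ver, status) in sorted(audit(LISTING).items()):
        print(f"{name:15} {ver or '-':12} {status}")
```

Entries reported as "unchecked" have a parsed version but no floor in the policy table, so they still need a manual lookup.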