TP-Link Zero Day
Google security researcher Matthew Garrett recently found a zero day in the TP-Link SR20 router. This is a router and smart home hub in one device, designed to integrate and manage your smart home automation. The exploit can’t be taken advantage of remotely, so thankfully these routers aren’t necessarily exposed to attackers on the internet.
It’s still a serious bug though, involving something called a downgrade attack. One example of this is a hacker forcing the router to use a non-encrypted connection. Mr. Garrett contacted TP-Link about this, but he didn’t get a reply, even though TP-Link’s page says “Security engineers and other technical experts can [use this form] to submit feedback about our security features.”
So for now, it doesn’t sound like there’s a fix for this. Again, it’s not a super serious bug, but a good idea (for any router) is to go into your admin settings web page and make sure remote access features are turned off.