Addressing vulnerabilities of the M5350

We at TP-Link are aware of the security flaw in the 3G Mobile Wi-Fi Routers M5350, M5360 and M5250. After diagnosing the issue, we have identified a cross-site scripting (XSS) bug in the existing firmware. After sending a specific script command to the device via text message, the bug is triggered, replying with the device's administrator credentials in order to obtain access and control.

TP-Link has updated and released an update to the affected firmware to eliminate this vulnerability, and customers may download it directly from the product support page at the official TP-Link website (link here).

For the models that are affected by this XXS bug, we have provided updated, secure firmware that can be downloaded and installed to your device:

ž   3G Mobile Wi-Fi Router M5350 (Universal version) (South America version)

ž   3G Mobile Wi-Fi Router & Power Bank M5360 (Universal version)

ž   3G Mobile Wi-Fi Router M5250 (Universal version)

TP-Link strongly advises owners of these models to download these new firmware versions as soon as possible to avoid any security breach.

TP-Link is committed to serving customers while maintaining their security and apologizes for this security flaw. We will continue to prioritize the user moving forward.

For further questions or concerns, please contact TP-Link through the support page on the official website: http://www.tp-link.com/support.

For further questions or concerns, please contact TP-Link through the support page on the official website: http://www.tp-link.com/support.

This Article Applies to:
M5360( V2 ) , M5350( V2 ) , M5250( V1 )
Security Advisory | Updated 04-21-2017 09:06:45 AM