This top TP-Link router ships with some serious security flaws

News
By published

Best-selling router ships with outdated and vulnerable firmware

TP-Link AC1200 Archer C50 (v6)
(Image credit: TP-Link)

Upgrading your wireless router with a new model from Amazon is certainly a good idea if you're working from home but new research from CyberNews has revealed that one of the most popular routers from TP-Link frequently featured on the ecommerce giant's store ships with vulnerable firmware.

Shenzhen-based TP-Link is the world's number one manufacturer of consumer WiFi networking products with yearly sales of 150m devices and a 42 percent share of the global consumer WLAN market. The company's routers are also often awarded “Amazon's Choice” badges in the “WiFi router” category on Amazon.

The TP-Link AC1200 Archer C50 (v6) is the best-selling “Amazon's Choice” Wi-Fi router in the UK and is mainly sold within the European market though another version is also available on Amazon's online store in the US. 

During its investigation into this router, CyberNews found numerous flaws within its default firmware as well as its web interface. For this reason, the news outlet recommends that all TP-Link AC1200 Archer C50 (v6) owners upgrade their devices to the latest firmware as soon as possible.

Known flaws in default firmware

According to CyberNews, the TP-Link AC1200 Archer C50 (v6) ships with outdated firmware that is vulnerable to dozens of known security flaws. WPS is also enabled by default on the device which could allow an attacker to brute-force the router while its admin credentials and configuration backup files are encrypted using weak protocols that could easily be broken.

At the same time, the default version of the router's web interface app suffers from multiple bad security practices and vulnerabilities including clickjacking, charset mismatch, cookie slack, private IP disclosures, weak HTTPS encryption and more. 

Thankfully most of these flaws have now been patched but CyberNews points out that some were only patched halfway through. For instance, the backend of the router still seems to be secured in such a way that an attacker could potentially find an entry point within the web interface and re-exploit previously known flaws.

CyberNews reached out to TP-Link to inform the company of its discoveries and it said that it will force firmware updates on the affected devices while owners will receive “relevant notifications” about these updates via their management interface.

The lesson here is that while you may have purchased a brand new device from Amazon or any other online or offline retailer for that matter, you still need to take the time and ensure that your router is updated to the latest firmware to protect your network and your data.

Via CyberNews

TOPICS
Anthony Spadafora
Anthony Spadafora

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home. 

Read more
A hacker wearing a hoodie sitting at a computer, his face hidden.
I just learned something awful about my home Wi-Fi setup thanks to iFixit’s ‘worst of CES 2025’ awards
Abstract image of robots working in an office environment including creating blueprint of robot arm, making a phone call, and typing on a keyboard
This worrying botnet targets unsecure TP-Link routers - thousands of devices already hacked
China
US government mulls entire TP-Link product ban - routers, switches and more all set to be blocked
cables going into the back of a broadband router on white background
Netgear urges users to patch major router security issues now
Security
Zyxel says it won’t patch security flaws in its old routers
One of the best wifi router picks against a techradar background
The best WiFi routers in 2025: our top picks for wireless connectivity
Latest in Security
Data Breach
Thousands of healthcare records exposed online, including private patient information
China
Juniper patches security flaws which could have let hackers take over your router
Representational image depecting cybersecurity protection
GitLab has patched a host of worrying security issues
Ai tech, businessman show virtual graphic Global Internet connect Chatgpt Chat with AI, Artificial Intelligence.
AI agents can be hijacked to write and send phishing attacks
China
Volt Typhoon threat group had access to American utility networks for the best part of a year
Abstract image of cyber security in action.
MassJacker malware targets those looking for pirated software
Latest in News
Super Mario Odyssey
ChatGPT is the ultimate gaming tool - here's 4 ways you can use AI to help with your next playthrough
Ray-Ban smart glasses with the Cpperni logo, an LED array, and a MacBook Air with M4 next to ecah other.
ICYMI: the week's 7 biggest tech stories from Twitter's massive outage to iRobot's impressive new Roombas
Brad Pitt looks over his right shoulder with 'F1' written behind him
Apple Original Films will take you behind-the-scenes of a racing cockpit in this new thrilling F1 movie trailer
AI writer
Coding AI tells developer to write it himself
Reacher looking down at another character from the Prime Video TV series Reacher
Reacher season 3 becomes Prime Video’s biggest returning show thanks to Hollywood’s biggest heavyweight
Finger Presses Orange Button Domain Name Registration on Black Keyboard Background. Closeup View
I visited the world’s first registered .com domain – and you won’t believe what it’s offering today
More about security
Data Breach

Thousands of healthcare records exposed online, including private patient information
Ai tech, businessman show virtual graphic Global Internet connect Chatgpt Chat with AI, Artificial Intelligence.

AI agents can be hijacked to write and send phishing attacks
Fingers typing on a computer keyboard.

Microsoft 365 Personal vs Microsoft 365 Family: are there any real differences?

See more latest
Most Popular
Ray-Ban smart glasses with the Cpperni logo, an LED array, and a MacBook Air with M4 next to ecah other.
ICYMI: the week's 7 biggest tech stories from Twitter's massive outage to iRobot's impressive new Roombas
A hand reaching out to touch a futuristic rendering of an AI processor.
Researchers want to embrace Arm's celebrated paradigm for a universal generative AI processor; a puzzling MEGA.mini core architecture
Finger Presses Orange Button Domain Name Registration on Black Keyboard Background. Closeup View
I visited the world’s first registered .com domain – and you won’t believe what it’s offering today
Super Mario Odyssey
ChatGPT is the ultimate gaming tool - here's 4 ways you can use AI to help with your next playthrough
Nokia 5G 360 Camera
This is the world's first 8K 5G 360 degrees camera - and it is also weatherproof
AI writer
Coding AI tells developer to write it himself
Data Breach
Thousands of healthcare records exposed online, including private patient information
Brad Pitt looks over his right shoulder with 'F1' written behind him
Apple Original Films will take you behind-the-scenes of a racing cockpit in this new thrilling F1 movie trailer
Google Messages update
Google Messages could soon follow WhatsApp with an upgrade that makes it much easier to join group chats
Reacher looking down at another character from the Prime Video TV series Reacher
Reacher season 3 becomes Prime Video’s biggest returning show thanks to Hollywood’s biggest heavyweight