Misfortune Cookie Vulnerability
Please contact NCF or bring it over if you are unsure on how to proceed.
As long as you have the following hardware versions and the latest corresponding firmware versions installed, then you are not affected. - TD-W8951ND: hardware v5, v6; firmware TD-W8951ND_V5_141114, TD-W8951ND_V6_141027 - TD-8816: hardware v8; firmware TD-8816_V8_140311
Firmware version can be identified by executing the following steps: - Verify hardware version - how to find hardware version, see http://www.tplink.ca/en/Article/?id=46 - Connect your desktop or laptop to the modem via Ethernet cable - this can't be done via Wi-Fi! - Launch a browser and type in the URL 192.168.1.1 - User: admin, PW: NCF_DSL_PW - Click on the Maintenance tab - Click on the Firmware tab and verify that your version is as indicated above
1. If your modem is marked as v5 or v6, apply firmware update 141114 immediately.
2. Vulnerability is blocked from the Internet by disabling WAN ACL (log to 192.168.1.1, enter admin/DSL password, click on Access management, verify ACL is Activated, Interface LAN is selected. NCF started verifying this on all modems since July/August 2014. NCF checked and Remote Management is disabled.
3. Vulnerability is blocked from the LAN by using a strong Wi-Fi password (NCF applies DSL password here). If your Wi-Fi is open, your modem is open to any attack.