A threat actor has allegedly advertised a remote code execution (RCE) exploit targeting TP-Link routers, claiming that the tool can infiltrate devices, persist undetected, and spread autonomously across networks. The post describes a highly sophisticated exploit designed to compromise routers running LuCI-based firmware.
According to the alleged claims, the exploit enables attackers to gain full control over targeted TP-Link routers by injecting commands via a supposed vulnerability. The tool is said to exfiltrate sensitive data, disable security defenses, and propagate to other routers using default credentials. The seller asserts that the payload includes an AES-256 encrypted backdoor, allowing long-term access to compromised devices.
The post further suggests that the exploit is available for purchase, with pricing starting at $1,000 for the base script and $2,000 for a “full package” that includes support and testing. The actor behind the alleged sale emphasizes that this is a high-end hacking tool, comparing its capabilities to mass RCE kits that can fetch up to $5,000 on underground markets.
