A Firmware Modification Vulnerability During Firmware Update in TP-Link TL-WR743ND Wireless Routers Affected Products: TP-Link TL-WR743ND V1 (Firmware Version: 3.12.20 and earlier) Possible impact on other TL-WR743ND series devices Overview: An exploitable firmware modification vulnerability was discovered in TP-Link TL-WR743ND wireless routers. Attackers can bypass firmware verification and install malicious firmware images, resulting in DoS, malware, or backdoor planting. Details: Firmware update process uses web interface. The firmware image structure includes [header, bootloader, header, kernel, rootfs]. Headers contain MD5 checksums for data integrity verification. During a firmware update, the web server compares the checksums. An attacker can replace checksums in the header after modifying the firmware image. Communication during firmware delivery uses plain HTTP, without cryptographic protection. An attacker with a privileged network position could develop a malicious firmware image. The vulnerability was exploited through a proof-of-concept attack. Proof of Concept: 4 bytes were modified in the range 0x102C to 0x102F from 0x077C6EC0 to 0x00000000. Checksums in the firmware header were adjusted. The modified firmware image was successfully flashed, bypassing verification.