A1TechRescue

08/02/2026

17/11/2025

Did You Know?

Your router protects your home network from the internet. Or it's supposed to. Two major vendors just proved it doesn't. 😅

ASUS: CVE-2025-59367 (CVSS 9.3)
TP-Link: CVE-2025-7850 + CVE-2025-7851 (CVSS 9.3 + 8.7)

Both disclosed November 2025. Both critical. Both letting attackers walk right in.

ASUS routers: No password required.

The vulnerability affects ASUS DSL-AC51, DSL-N16, and DSL-AC750 routers. Authentication bypass.

If your router's management interface is exposed to the internet, an attacker can connect remotely without any credentials. No username. No password. Direct admin access.

Many routers have remote management enabled by default. Some ISPs enable it for "support purposes." Either way, if the admin panel is reachable from outside your network, CVE-2025-59367 makes it completely open.

What can attackers do with admin access? Change your WiFi password and lock you out. Redirect your traffic through their servers. Monitor every device on your network. Use your router to attack other people, making it look like the attacks come from you.

TP-Link: They "fixed" it. Then researchers rooted it again.

Last year, CVE-2024-21827 let attackers get root access through leftover debug code in TP-Link routers. TP-Link patched it in 2024.

Except the debug code is still there. They just made it harder to reach.

Forescout researchers found CVE-2025-7850 and CVE-2025-7851. The patch addressed the original bug but left two problems: the debug functionality stayed in the firmware, just hidden behind a private key check. And if attackers can bypass that check, the entire debug system becomes available again.

The researchers did exactly that. They found CVE-2025-7850, a command injection flaw in the WireGuard VPN settings. An authenticated admin can inject operating system commands that execute with root privileges.

But here's where it gets worse: their protocol analysis showed CVE-2025-7850 can be exploited without credentials in certain network configurations. What looked like a local-only bug turned into a remote attack vector.

Using root access from these two bugs, they found 15 more vulnerabilities across other TP-Link device families. All under coordinated disclosure. All expected to be patched Q1 2026.

The pattern? TP-Link patches individual bugs but doesn't fix the underlying code problems. The vulnerabilities keep coming back in different forms.

Botnets already target these routers.

In May 2025, AyySSHush botnet compromised over 9,000 ASUS routers. It installed persistent SSH backdoors that survive reboots.

Quad7 botnet specifically targets TP-Link routers. It chains vulnerabilities to infect devices, then uses thousands of compromised home routers to launch password spray attacks against Microsoft 365 accounts.

The attacks work because they come from residential IP addresses spread across multiple countries. To Microsoft's systems, it looks like normal login attempts. But it's coordinated, using your router as part of the attack infrastructure.

Check if you're affected.

ASUS DSL router owners: If you have DSL-AC51, DSL-N16, or DSL-AC750, update to firmware 1.1.2.3_1010 immediately.

TP-Link router owners: Affected models include ER605v2, and multiple Omada/Festa VPN router families. Check TP-Link's security advisory for your specific model and apply the latest firmware.

ISP-provided routers: Many ISPs rebrand consumer routers. Dutch ISP Ziggo rebranded the TP-Link Archer C7 as "Wifibooster Ziggo C7." Check what hardware you actually have in your own country...

For routers that won't get patches: Use strong, unique passwords for both WiFi and router admin (20+ characters minimum). Disable remote access from WAN. Turn off port forwarding, DDNS, VPN server, DMZ, and FTP unless you specifically need them. Or replace the router with a currently supported model.

11/11/2025

DID YOU KNOW ?!

Your Windows PC has a fax modem driver from 2006. You've never owned a fax machine. (Okay, maybe you have. But stick with me...) It's there. On EVERY Windows version. And it's been exploited. 😏

CVE-2025-24990. Microsoft's legacy code nightmare.

Here's the crazy part: A driver for old fax modems (ltmdm64.sys) has been quietly sitting on every Windows system since 2006. Possibly even Windows XP - this driver has been around that long. Windows 7, 10, 11, Server 2022, Server 2025. ALL of them.

The driver was designed for hardware nobody uses anymore. Fax modems.

But it runs with the highest system permissions possible.

Here's what's happening:

→ Driver has a security hole that lets attackers become admin
→ Works even if you don't have a fax modem
→ Sitting on every Windows computer by default
→ Has been actively exploited in the wild

Every Windows PC you've ever used. Your work laptop. Your home computer. Your company's servers. All had this security hole sitting there since 2006.

And nobody noticed.

Microsoft's solution? They're deleting the driver completely instead of fixing it.

Translation: "This 19-year-old code is so broken we're just removing it."

Security researcher Ben McCarthy explained it: "This driver is from before we knew how to write secure code. It has the highest permissions on your system. That makes it perfect for attackers."

Researchers think hackers use it to bypass antivirus and security tools.

The timeline is ridiculous:

→ 2006: Driver ships with every Windows version
→ October 2025: Researchers discover hackers are using it
→ Microsoft's fix: Just delete it

Every Windows version since 2006.
→ Windows 7, 10, 11
→ Windows Server 2022, 2025
→ Even if you never used a fax modem

Want to check if the driver is still on your system?

Press Windows + R
Type: C:\Windows\System32\drivers
Look for: ltmdm64.sys

Still there? Update immediately.

CISA (U.S. security agency) required federal agencies to patch this immediately.

Old code kills security. This driver sat on billions of computers for 19 years before anyone noticed it was broken.

Hackers noticed.

Your antivirus didn't.

This is why ethical hackers exist. We find old security nightmares like this before criminals use them.

21/09/2024

Today's Task is to replace this DC port on an Acer Aspire 3 series laptop.

20/08/2024

Hey afternoon everyone hope everyone is having a great day. I have been busy (still am) working on my website.

Since I moved in April last yr. I have been behind the scenes working hard on my skill base. I have renamed the business as part of a refresh you may have seen this an wondered why.

Well I thought new house new start. The Terriers are getting older an wont be around forever, However I hope my business will be. So in doing this it meant I lost all my genuine reviews via google I had to start a new page.

My new refreshed website can be found at A1TechRescue.UK

Now this is a genuine call out to anyone I have done work for over the years could I please ask you to take a short moment & leave me a short review ?!

https://g.page/r/Cel3ieq42BiMEAE/review

Thank you so so much for all the custom over the years. I hope to see you all again in the future for your Tech issues.

Post a review to our profile on Google

19/07/2024

A major Microsoft outage wreaked havoc worldwide, disrupting computer systems, grounding flights, and crippling banks, stock exchanges, payment systems, and emergency services.

Banks, airlines, telecommunications companies, TV and radio broadcasters, and supermarkets have all been taken offline after encountering blue screen of death error screens on Windows workstations.

The outages are seemingly due to a CrowdStrike-related issue. Crowdstrike, the cybersecurity company, confirmed seeing these blue screens in various locations and is investigating the cause. The issue appears to be linked to its Falcon Sensor product.

18/07/2024

The 'mobile community gateway capability' could allow Starlink to serve large commercial users at sea and possibly in the air.

28/03/2024

Acer Aspire 3 Top Cover replacement due snapped hinge. & DC Port replacement.