TP-Link Gaming Router Vulnerability Exposes Users to Remote Code Attacks

30.05.2024

 

A critical security vulnerability has been identified in the TP-Link Archer C5400X gaming router, potentially allowing remote code execution by sending specially crafted requests.This vulnerability, designated as CVE-2024-5035, has a CVSS score of 10.0 and affects all firmware versions up to and including 1_1.1.6. The issue has been resolved in version 1_1.1.7, released on May 24, 2024.

“Exploiting this vulnerability allows remote unauthenticated attackers to execute arbitrary commands on the device with elevated privileges,” according to a report published by the German cybersecurity firm ONEKEY on Monday.

The flaw originates from a binary related to radio frequency testing, “rftest,” which starts at boot and opens a network listener on TCP ports 8888, 8889, and 8890. This exposure enables remote unauthenticated attackers to achieve code execution.

Although the network service is intended to only accept commands beginning with “wl” or “nvram get,” ONEKEY discovered that this limitation could be easily bypassed by injecting commands after shell meta-characters like ; , & , or | (e.g., “wl;id;”).

TP-Link’s fix in version 1_1.1.7 Build 20240510 addresses the vulnerability by rejecting any command containing these special characters.

“TP-Link seems to have prioritized a fast or cost-effective solution for providing a wireless device configuration API, which led to the exposure of a supposedly limited shell over the network that clients within the router could use for wireless device configuration,” ONEKEY explained.

This disclosure follows recent revelations of security flaws in Delta Electronics DVW W02W2 industrial Ethernet routers (CVE-2024-3871) and Ligowave networking gear (CVE-2024-4999), which could also allow remote attackers to execute commands with elevated privileges. Notably, these flaws remain unpatched as the devices are no longer actively maintained, underscoring the importance of users taking steps to limit exposure of administration interfaces to mitigate exploitation risks.

Other news

Patch Your GoAnywhere MFT Immediately – Critical Flaw Lets Anyone Be Admin

A critical security flaw has been disclosed in Fortra’s GoAnywhere Managed File Transfer (MFT) software that could be abused to create a new administrator user.

Read More

Mandiant’s Twitter Account Restored After Six-Hour Crypto Scam Hack – 05.01.2024

American cybersecurity firm and Google Cloud subsidiary Mandiant had its X (formerly Twitter) account compromised for more than six hours by an unknown attacker to propagate a cryptocurrency scam.

Read More
en_USEnglish