Critical Flaw in TP-Link Archer C5400X Router Allows Remote Command Execution

by | May 28, 2024 | News





A critical security flaw has been identified in the TP-Link Archer C5400X gaming router, potentially allowing unauthenticated remote attackers to execute arbitrary commands on the device. This high-end, tri-band gaming router, known for its robust performance, has become a popular choice among gamers due to its advanced features and excellent user reviews. However, this newfound vulnerability poses significant risks.

Vulnerability Overview

The vulnerability, tracked as CVE-2024-5035, has received the highest severity rating with a CVSS v4 score of 10.0. Security analysts at OneKey discovered the flaw through binary static analysis. The issue lies within the ‘rftest’ binary, which exposes a network service vulnerable to command injection and buffer overflows on TCP ports 8888, 8889, and 8890.


How the Vulnerability Works

The ‘rftest’ service is responsible for wireless interface self-assessment tasks and runs a network listener on the mentioned ports. Attackers can exploit this service by sending specially crafted messages containing shell metacharacters such as semicolons, ampersands, and pipes. These characters allow attackers to execute arbitrary commands with elevated privileges, leading to potential hijacking of the router, data interception, modification of DNS settings, and internal network breaches.

[Image: Command ID injection through port 8888]
Source: OneKey

Patch and Mitigation

TP-Link has addressed the vulnerability with a firmware update. The issue was reported to TP-Link’s Product Security Incident Response Team (PSIRT) on February 16, 2024. A beta patch was ready by April 10, 2024, and the final security update was released on May 24, 2024. The new firmware version, Archer C5400X(EU)_V1_1.1.7 Build 20240510, effectively mitigates CVE-2024-5035 by filtering out commands containing shell metacharacters in all incoming messages.
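The kind of filtering the fix is described as applying, as an added C example (not TP-Link's or OneKey's code): a denylist check that rejects any message containing shell metacharacters, beside a stricter allowlist parser that builds an argv for execution without a shell. The command names `rf_selftest` and `rf_status` and the permitted argument alphabet are assumptions, since the article does not document the rftest message format.

```c
#include <stddef.h>
#include <string.h>

#define MAX_ARGS 8

/* Characters with special meaning to a POSIX shell. */
static const char SHELL_META[] = ";&|`$()<>\\\"'*?[]{}!~#";
/* Hypothetical command names; the page does not list the real ones. */
static const char *const ALLOWED[] = { "rf_selftest", "rf_status" };
static const char SAFE[] = "abcdefghijklmnopqrstuvwxyz"
    "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_.=-";

/* Denylist filter: 1 if the len-byte message holds no shell
 * metacharacter or control byte (NUL, CR, LF included), else 0. */
int msg_is_clean(const char *msg, size_t len)
{
    if (len == 0)
        return 0;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)msg[i];
        if (c < 0x20 || c == 0x7f || strchr(SHELL_META, c) != NULL)
            return 0;
    }
    return 1;
}

/* Allowlist parser: split buf in place on spaces into an argv[] that a
 * caller could pass to execv() with no shell involved. Returns argc,
 * or -1 when a token has a byte outside SAFE or argv[0] is unknown. */
int parse_request(char *buf, char *argv[MAX_ARGS + 1])
{
    int argc = 0;
    for (char *t = strtok(buf, " "); t != NULL; t = strtok(NULL, " ")) {
        if (argc == MAX_ARGS || t[strspn(t, SAFE)] != '\0')
            return -1;
        argv[argc++] = t;
    }
    argv[argc] = NULL;
    if (argc == 0)
        return -1;
    for (size_t i = 0; i < sizeof ALLOWED / sizeof ALLOWED[0]; i++)
        if (strcmp(argv[0], ALLOWED[i]) == 0)
            return argc;
    return -1;
}
```

The denylist only holds if every character the shell interprets is listed, which is why the allowlist variant accepts a fixed alphabet and a fixed set of commands instead.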




Recommendations for Users

Users of the TP-Link Archer C5400X router are strongly advised to update their firmware to the latest version to protect against this critical vulnerability. The firmware update can be downloaded from TP-Link’s official download portal or applied through the router’s admin panel. Ensuring that the router firmware is up to date is crucial for maintaining the security and integrity of the network.


Source: bleepingcomputer.com
