[email protected]English • 17 days ago

TP-Link Gaming Router Vulnerability Exposes Users to Remote Code Attacks

thehackernews.com

250

TP-Link Gaming Router Vulnerability Exposes Users to Remote Code Attacks

thehackernews.com

[email protected]English • 17 days ago

A critical vulnerability (CVE-2024-5035) has been disclosed in the TP-Link Archer C5400X gaming router, allowing remote code execution.

The Article

A maximum-severity security flaw has been disclosed in the TP-Link Archer C5400X gaming router that could lead to remote code execution on susceptible devices by sending specially crafted requests. The vulnerability, tracked as CVE-2024-5035, carries a CVSS score of 10.0. It impacts all versions of the router firmware including and prior to 1_1.1.6. It has been patched in version 1_1.1.7 released on May 24, 2024.

“By successfully exploiting this flaw, remote unauthenticated attackers can gain arbitrary command execution on the device with elevated privileges,” German cybersecurity firm ONEKEY said in a report published Monday. The issue is rooted in a binary related to radio frequency testing “rftest” that’s launched on startup and exposes a network listener on TCP ports 8888, 8889, and 8890, thus allowing a remote unauthenticated attacker to achieve code execution. While the network service is designed to only accept commands that start with “wl” or “nvram get,” ONEKEY found that the restriction could be trivially bypassed by injecting a command after shell meta-characters like ; , & , or, | (e.g., “wl;id;”). Cybersecurity

TP-Link’s implemented fix in version 1_1.1.7 Build 20240510 addresses the vulnerability by discarding any command containing these special characters. “It seems the need to provide a wireless device configuration API at TP-Link had to be answered either fast or cheap, which ended up with them exposing a supposedly limited shell over the network that clients within the router could use as a way to configure wireless devices,” ONEKEY said.

The disclosure arrives weeks after security flaws were also revealed by the company in Delta Electronics DVW W02W2 industrial Ethernet routers (CVE-2024-3871) and Ligowave networking gear (CVE-2024-4999) that could allow remote attackers to gain remote command execution with elevated privileges. It’s worth noting that these flaws remain unpatched due to the devices being no longer actively maintained, making it imperative that users take adequate steps to limit exposure of administration interfaces to reduce the potential for exploitation.

Chat

@ThrowawayPermanente
link
English
39•16 days ago
Don’t ever buy anything marketed specifically to gamers
- @[email protected]
  link
  fedilink
  English
  21•16 days ago
  As a “gamer” and game developer, this is sound advice.
  - @[email protected]
    link
    fedilink
    English
    12•16 days ago
    Yep.
    
    At best, you’re paying extra for RGB lighting.
- @[email protected]
  link
  fedilink
  English
  4•16 days ago
  But what about video games :(
  - @[email protected]
    link
    fedilink
    English
    3•16 days ago
    Compile it yourself
    
    Donate to developers

[email protected]

[email protected]

You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: [email protected]

This is a most excellent place for technology news and articles.

Our Rules

Follow the lemmy.world rules.
Only tech related content.
Be excellent to each another!
Mod approved content bots can post up to 10 articles per day.
Threads asking for personal tech support may be deleted.
Politics threads may be removed.
No memes allowed as posts, OK to post as comments.
Only approved bots from the list below, to ask if your bot can be added please contact us.
Check for duplicates before posting, duplicates may be removed

Approved Bots

4.5K users / day
10.6K users / week
19.9K users / month
41.6K users / 6 months
55.5K subscribers
9.68K Posts
433K Comments
Modlog