Rather, update the firmware so that cyber villains do not interfere with your online victories.
A serious vulnerability has been identified in the TP-Link Archer C5400X gaming router, which leads to remote code execution on vulnerable devices by sending specially generated requests.
The vulnerability, identified as CVE-2024-5035, has a maximum CVSS rating of 10.0. It affects all router firmware versions up to version 1_1.1.6.
"The successful exploitation of this vulnerability allows remote unauthorized attackers to execute arbitrary commands on a device with elevated privileges," German information security company ONEKEY said in a report yesterday.
The problem is hidden in the radio frequency testing binary "rftest", which runs every time the device starts up and opens a Network Listener on TCP ports 8888, 8889, and 8890, allowing a remote unauthorized attacker to execute code.
Although the network service is designed to accept commands starting with "wl" or "nvram get", ONEKEY found that this limitation can be easily circumvented by embedding the command after shell characters such as";","&", or "|" (for example, "wl;id;").
In version 1_1.1.7 Build 20240510, released on May 24, 2024, TP-Link fixed the vulnerability by discarding any commands containing these special characters.
"It seems that the need to provide an API for configuring wireless devices in TP-Link was done either too quickly or too cheaply, which led to the opening of a limited shell over the network that customers in the router could use to configure wireless devices," ONEKEY experts noted.
This incident highlights the need for a comprehensive risk analysis and thorough testing of network components and APIs when developing devices that handle remote requests. Safety should be an integral part of the design process, and not added as an additional "binding" later.
A serious vulnerability has been identified in the TP-Link Archer C5400X gaming router, which leads to remote code execution on vulnerable devices by sending specially generated requests.
The vulnerability, identified as CVE-2024-5035, has a maximum CVSS rating of 10.0. It affects all router firmware versions up to version 1_1.1.6.
"The successful exploitation of this vulnerability allows remote unauthorized attackers to execute arbitrary commands on a device with elevated privileges," German information security company ONEKEY said in a report yesterday.
The problem is hidden in the radio frequency testing binary "rftest", which runs every time the device starts up and opens a Network Listener on TCP ports 8888, 8889, and 8890, allowing a remote unauthorized attacker to execute code.
Although the network service is designed to accept commands starting with "wl" or "nvram get", ONEKEY found that this limitation can be easily circumvented by embedding the command after shell characters such as";","&", or "|" (for example, "wl;id;").
In version 1_1.1.7 Build 20240510, released on May 24, 2024, TP-Link fixed the vulnerability by discarding any commands containing these special characters.
"It seems that the need to provide an API for configuring wireless devices in TP-Link was done either too quickly or too cheaply, which led to the opening of a limited shell over the network that customers in the router could use to configure wireless devices," ONEKEY experts noted.
This incident highlights the need for a comprehensive risk analysis and thorough testing of network components and APIs when developing devices that handle remote requests. Safety should be an integral part of the design process, and not added as an additional "binding" later.
