May 27, 2024 at 03:19PM
The TP-Link Archer C5400X gaming router faced a critical security risk, enabling remote attackers to execute unauthorized commands. The flaw, tracked as CVE-2024-5035, was identified through static analysis and affected TCP ports 8888, 8889, and 8890. TP-Link has released a firmware update to address this vulnerability, advising all users to promptly update their devices.
Based on the meeting notes, here are the key takeaways:
– The TP-Link Archer C5400X gaming router was found to be vulnerable to security flaws, which could allow an unauthenticated, remote attacker to execute commands on the device.
– The specific vulnerability affecting the router is tracked as CVE-2024-5035 (CVSS v4 score: 10.0, “critical”) and was identified by analysts at OneKey through binary static analysis.
– The vulnerability stems from the ‘rftest’ binary exposing a network service vulnerable to command injection and buffer overflows on TCP ports 8888, 8889, and 8890.
– OneKey reported their findings to TP-Link’s PSIRT on February 16, 2024, and the vendor released a beta patch by April 10, 2024. The security update was made available on May 24, 2024, in the form of Archer C5400X(EU)_V1_1.1.7 Build 20240510, effectively addressing the vulnerability by discarding any commands containing shell metacharacters.
– Users are advised to download the firmware update from TP-Link’s official download portal or use their router admin panel to perform the update in order to protect their devices from the security flaw.