Security Affairs
Critical U-Boot Bugs Undermine Secure Boot on Millions of Devices|Update Now: Critical Zimbra Classic Web Client Flaw Could Expose Mailboxes|Ransomware Never Stopped: Over 9,000 Confirmed Attacks Since 2018|222 GitHub Repositories Linked to Fake Go Package Malware Operation|Former Ransomware Negotiator Sentenced to 70 Months in Prison for Secretly Helping BlackCat Gang|GigaWiper Merges Three Malware Families Into One Destructive Backdoor|INTERPOL Operation First Light Nets 5,811 Arrests and Seizes $293 Million|GodDamn Ransomware Uses PoisonX to Blind Security Software|AssuranceAmerica Breach Exposes 7 Million Driver’s Licenses After Employee Account Hack|Microsoft fixed Defender flaw RoguePlanet (CVE-2026-50656)|Fake VPN and 7-Zip Apps Turn Victims Into Residential Proxy Nodes|Ubiquiti Patches Critical UniFi OS Flaws Allowing Command Injection and Privilege Escalation|Critical U-Boot Bugs Undermine Secure Boot on Millions of Devices|Update Now: Critical Zimbra Classic Web Client Flaw Could Expose Mailboxes|Ransomware Never Stopped: Over 9,000 Confirmed Attacks Since 2018|222 GitHub Repositories Linked to Fake Go Package Malware Operation|Former Ransomware Negotiator Sentenced to 70 Months in Prison for Secretly Helping BlackCat Gang|GigaWiper Merges Three Malware Families Into One Destructive Backdoor|INTERPOL Operation First Light Nets 5,811 Arrests and Seizes $293 Million|GodDamn Ransomware Uses PoisonX to Blind Security Software|AssuranceAmerica Breach Exposes 7 Million Driver’s Licenses After Employee Account Hack|Microsoft fixed Defender flaw RoguePlanet (CVE-2026-50656)|Fake VPN and 7-Zip Apps Turn Victims Into Residential Proxy Nodes|Ubiquiti Patches Critical UniFi OS Flaws Allowing Command Injection and Privilege Escalation|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

TP-Link Archer C5400X gaming router is affected by a critical flaw

Researchers warn of a critical remote code execution vulnerability in TP-Link Archer C5400X gaming router. Researchers at OneKey discovered a a critical remote code execution (RCE) vulnerability, tracked as CVE-2024-5035 (CVSS score 10.0), in TP-Link Archer C5400X gaming router. A remote, unauthenticated, attacker can exploit the vulnerability to execute commands on the device. The TP-Link Archer C5400X […]

TP-Link Archer C5400X

Researchers warn of a critical remote code execution vulnerability in TP-Link Archer C5400X gaming router.

Researchers at OneKey discovered a a critical remote code execution (RCE) vulnerability, tracked as CVE-2024-5035 (CVSS score 10.0), in TP-Link Archer C5400X gaming router.

A remote, unauthenticated, attacker can exploit the vulnerability to execute commands on the device.

The TP-Link Archer C5400X is a high-performance gaming router designed for demanding applications such as online gaming and streaming.

The vulnerability resides in a binary called “rftest” that is executed during device startup. The researchers discovered that the binary exposes a network service that is susceptible to unauthenticated command injection and buffer overflows on TCP ports 8888, 8889, and 8890

“By successfully exploiting this flaw, remote unauthenticated attacker can gain arbitrary command execution on the device with elevated privileges.” reads the report published by the OneKey. “It’s unclear whether the binary is always launched and whether it is always exposed on LAN/WAN interfaces. We reproduced the issue within an emulator, but production device may behave differently. We put our trust in TP-Link in assessing the actual exposure of this vulnerability.

The experts noticed that upon executing the binary, it starts a TCP server on port 8888, accepting commands from clients. The binary only accepts commands starting with “wl” or “nvram get”. However, this limitation can be bypassed for command injection by appending shell meta-characters like “;”, “&”, or “|”.

TP-Link Archer C5400X

TP-Link addressed the issue by discarding any command containing shell meta-characters.

The issue affects firmware versions, through 1.1.1.6, Archer C5400X(EU)_V1_1.1.7 Build 20240510 addressed the flaw.

Below is the timeline for this flaw:

  • 2024-02-16 –Report submitted to TP-Link PSIRT through encrypted email.
  • 2024-02-19 –Case opened by TP-Link PSIRT.
  • 2024-04-10 –TP-Link shares a beta version of 1.1.7p1 for validation.
  • 2024-04-17 –Patch confirmed by ONEKEY.
  • 2024-05-27 –Release ONEKEY advisory in coordination with TP-Link

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, TP-Link Archer C5400X)