Critical Vulnerability Discovered in TP-Link Archer C5400X Gaming Router

May 28, 2024

The TP-Link Archer C5400X gaming router has been found to contain a critical remote code execution (RCE) vulnerability, according to researchers at OneKey. This flaw, designated as CVE-2024-5035 and scoring a maximum 10.0 on the CVSS scale, could potentially be exploited by a remote, unauthenticated attacker to execute commands on the device.

The TP-Link Archer C5400X is a high-performance router specifically designed for intensive applications such as online gaming and streaming. The identified vulnerability is located in a binary called 'rftest', which is run during the startup of the device. The researchers have found that this binary exposes a network service that is vulnerable to unauthenticated command injection and buffer overflows on TCP ports 8888, 8889, and 8890.

OneKey's report states: 'By successfully exploiting this flaw, remote unauthenticated attacker can gain arbitrary command execution on the device with elevated privileges.' The researchers also noted that the exact exposure of this vulnerability on LAN/WAN interfaces is unclear, as the issue was reproduced within an emulator and actual devices might behave differently.

The vulnerability becomes evident when the binary is executed: it starts a TCP server on port 8888 and accepts commands from clients. Although the binary only accepts commands starting with 'wl' or 'nvram get', this restriction can be bypassed for command injection by appending shell meta-characters such as ';', '&', or '|'. TP-Link's fix discards any command containing shell meta-characters.
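The prefix check described above, next to a stricter validator, as an added example (not code from rftest, OneKey, or TP-Link). The function names, the 128-byte bound, the character allowlist and the sample commands are assumptions; the allowlist and length bound go beyond the meta-character discard the article attributes to the fix.

```c
#include <stdio.h>
#include <string.h>

#define MAX_CMD_LEN 128 /* assumed bound; the article gives no buffer size */

/* Prefix-only filter as the article describes it: anything starting with
 * "wl" or "nvram get" passes, whatever follows the prefix. */
int prefix_only_ok(const char *cmd)
{
    return strncmp(cmd, "wl", 2) == 0 || strncmp(cmd, "nvram get", 9) == 0;
}

/* Stricter filter (hypothetical): whole-word prefix, bounded length, and
 * every byte drawn from an allowlist instead of a meta-character denylist. */
int hardened_ok(const char *cmd)
{
    static const char allowed[] =
        "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789 _.-";
    size_t plen, len;

    if (strncmp(cmd, "nvram get", 9) == 0) plen = 9;
    else if (strncmp(cmd, "wl", 2) == 0) plen = 2;
    else return 0;

    /* The prefix must end at a space or end of string: "wlx" is not "wl". */
    if (cmd[plen] != '\0' && cmd[plen] != ' ') return 0;

    for (len = 0; cmd[len] != '\0'; len++) {
        if (len >= MAX_CMD_LEN) return 0;                 /* oversized input */
        if (strchr(allowed, cmd[len]) == NULL) return 0;  /* ; & | $ ` etc. */
    }
    return 1;
}

int main(void)
{
    /* Constructed sample inputs, not captured traffic. */
    const char *samples[] = { "wl ver", "nvram get lan_ipaddr",
                              "wl ver;echo x", "wlx", "ls" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-24s prefix_only=%d hardened=%d\n", samples[i],
               prefix_only_ok(samples[i]), hardened_ok(samples[i]));
    return 0;
}
```

An allowlist fails closed on characters a denylist forgets (newline, backtick, `$`), which is why it is shown here instead of a list of rejected characters.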

The flaw affects firmware versions up to and including 1.1.1.6. The issue has been addressed in the Archer C5400X(EU)_V1_1.1.7 Build 20240510 firmware version.
