Edit Content
Report Incident
English
Sinhala
Tamil

ADVISORY!

TLP : CLEAR

Date : 28/05/2024

REF NO : CERT / 2024/05/50

TP-Link Router Remote Code Execution Vulnerabilities

Severity Level: Medium

Components Affected

  • TP-Link Archer C5400X prior to 1_1.1.6

Overview

A vulnerability were identified in TP-Link router. A remote attacker could exploit this vulnerability to trigger remote code execution and elevation of privilege on the targeted system.

Description

The affected device expose a network service called “rftest” that is vulnerable to unauthenticated command injection on ports TCP/8888, TCP/8889, and TCP/8890. By successfully exploiting this flaw, remote unauthenticated attacker can gain arbitrary command execution on the device with elevated privileges.This issue affects Archer C4500X: through 1_1.1.6.

Impact

  • Remote Code Execution
  • Elevation of Privilege

Solution/ Workarounds

Before installation of the software, please visit the vendor web-site for more details.

Apply fixes issued by the vendor:

Reference

  1. https://www.tp-link.com/en/support/download/archer-c5400x/#Firmware
  2. https://onekey.com/blog/security-advisory-remote-command-execution-on-tp-link-archer-c5400x/

Disclaimer : The information provided herein is on an “as is” basis, without warranty of any kind.

Sri Lanka Computer Emergency Readiness Team | Coordination Centre

Linkedin-in Facebook-f Twitter Youtube

Quick Links

Useful Links

Contact

  • Hotline : 101
  • +94 11 269 1692
  • Room 4-112, BMICH, Bauddhaloka Mawatha, Colombo 07, Sri Lanka.
  • General inquiry: cert@cert.gov.lk
  • Security incidents: incidents@cert.gov.lk
  • Social media incidents: report@cert.gov.lk

Copyright © 2023 SRI LANKA CERT | CC