Security update: Attackers can take over TP-Link router C5400X
The TP-Link WLAN router C5400X is vulnerable. A security patch closes a critical vulnerability.
(Image: Artur Szczybylo/Shutterstock.com)
Attackers can exploit a security vulnerability in TP-Link's C5400X WLAN router and, in the worst case, gain full control of the device. An updated firmware solves the problem.
The vulnerability
Security researchers from Onekey have discovered the"critical" vulnerability (CVE-2024-5035). The vulnerability is classified with the highest possible CVSS 4 score of 10 out of 10. It affects the rftest component, which checks radio frequencies. The service listens on the open TCP ports 8888, 8889 and 8890.
Due to inadequate input checks, attackers can use crafted requests at this point, the security researchers explain in a report. Attacks should be possible remotely and without authentication. If an attack succeeds, attackers can execute their own code and gain higher user rights. As a rule, devices attacked in this way are then considered fully compromised. In their report, the researchers break down the vulnerability.
Protective firmware
They state that they contacted TP-Link about the security problem in mid-February this year. Version C5400X(EU)_V1_1.1.7 Build 20240510, which is protected against the described attack, has been available since the end of April 2024. All previous versions are said to be vulnerable.
In the repaired version, the developers have tightened up the checking of input and shell meta characters such as semicolons are now discarded. Thanks to this filtering, attacks now come to nothing. It is currently not known whether there are already attacks. Owners of the router should update the device in the admin panel as soon as possible.
(des)
