TP-Link releases fix for critical flaw in Archer C5400X gaming router
Take action: If you are using TP-Link Archer C5400X, update it ASAP. The update is fairly trivial and automated, so don't delay. Your router is exposed and vulnerable to attacks, especially if it is exposed directly to the internet or has guest networks.
TP-Link has released a critical security update addressing a severe remote code execution (RCE) vulnerability in its popular Archer C5400X gaming router.
The vulnerability, tracked as CVE-2024-5035 (CVSS score 9.8), could allow an unauthenticated, remote attacker to execute arbitrary commands on the device. It impacts all users of the Archer C5400X running firmware versions up to 1.1.1.6.
Researchers at OneKey discovered the flaw in the 'rftest' binary that exposes a network service on TCP ports 8888, 8889, and 8890, which is vulnerable to command injection and buffer overflows. The 'rftest' service operates a network listener on these ports for wireless interface self-assessment. An attacker can exploit this vulnerability by sending specially crafted messages containing shell metacharacters (e.g., semicolons, ampersands, pipes) to these ports, potentially achieving arbitrary command execution with elevated privileges.
Exploiting this vulnerability could allow attackers to hijack the router, intercept data, change DNS settings, or continue the attack to internal networks.
TP-Link released a beta patch on April 10, 2024, and the final security update was made available on May 24, 2024 as Archer C5400X(EU)_V1_1.1.7 Build 20240510. The fix is simple: it works by discarding any commands containing shell metacharacters.
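The filtering approach described above, sketched in C as an added example; it is not TP-Link's patch or code from the 'rftest' binary. The characters beyond `;`, `&` and `|`, the 128-byte limit, the allowlist alphabet and the sample strings are assumptions made here.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAX_CMD_LEN 128 /* assumed bound, not taken from the firmware */

/* The article names ; & | as examples; the remaining characters are added here. */
static const char SHELL_META[] = ";&|`$<>(){}[]\\\"'*?~!#\n\r";

enum cmd_verdict { CMD_OK, CMD_EMPTY, CMD_TOO_LONG, CMD_METACHAR, CMD_BAD_CHAR };

/* Denylist check: the approach the article attributes to the fix. */
int has_shell_metachar(const char *buf, size_t len)
{
    for (size_t i = 0; i < len; i++)
        if (memchr(SHELL_META, buf[i], sizeof SHELL_META - 1))
            return 1;
    return 0;
}

/* Stricter variant: bound the length first (the service was also reported
 * vulnerable to buffer overflows), then denylist, then a character allowlist. */
enum cmd_verdict validate_command(const char *buf, size_t len)
{
    if (len == 0)
        return CMD_EMPTY;
    if (len > MAX_CMD_LEN)
        return CMD_TOO_LONG;
    if (has_shell_metachar(buf, len))
        return CMD_METACHAR;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)buf[i];
        if (!isalnum(c) && c != ' ' && c != '_' && c != '-' && c != '.')
            return CMD_BAD_CHAR; /* control bytes, NUL, non-ASCII, tabs */
    }
    return CMD_OK;
}

int main(void)
{
    /* Constructed sample inputs, not captured traffic. */
    const char *samples[] = { "radio status", "radio status; reboot", "radio\tstatus" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-24s -> %d\n", samples[i],
               (int)validate_command(samples[i], strlen(samples[i])));
    return 0;
}
```

A denylist only blocks the characters someone thought to list, which is why the allowlist pass follows it. Where the design permits, passing arguments as an argv array to an exec-family call instead of a shell removes metacharacter interpretation altogether.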
Users are strongly advised to download and install the firmware update from TP-Link’s official download portal or via the router’s admin panel.