
Flaw in TP-Link Gaming Router Allows Remote Attacks

Unsanitized Inputs Lead to Remote Code Execution
An Archer C5400X gaming Wi-Fi router (Image: TP-Link)

A gaming Wi-Fi router contained a zero-day that allowed a remote unauthenticated attacker to execute arbitrary code - a flaw that a static analysis cybersecurity firm attributed to insecure coding practices.


Onekey on Monday said that it examined the firmware in the TP-Link Archer C5400X Tri-Band Gaming Router. The Chinese manufacturer released a patch for the vulnerability earlier this month.

The flaw, tracked as CVE-2024-5035, resided in a binary called rftest - which, as its name implies, tests radio frequency emissions. When executed, the binary launches a TCP server and accepts commands that start with wl or nvram.get. But router developers neglected to sanitize inputs, which allowed attackers to inject a command by using common metacharacters such as ;, ,, & and |.
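The flaw class described above, shown as an added example (not TP-Link's or Onekey's code): a prefix-only check beside a stricter parser that tokenizes the line, allowlists characters and matches the command name exactly. The function names, the character allowlist and the argument limit are assumptions; the command names are spelled as this article writes them.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

#define MAX_ARGS 8   /* assumed limit, not from the firmware */

/* Weak form: only the start of the line is examined, so whatever
   follows the prefix would reach a shell unchanged. */
int prefix_only_check(const char *line) {
    return strncmp(line, "wl", 2) == 0 || strncmp(line, "nvram.get", 9) == 0;
}

/* Allowlist: letters, digits and a few punctuation marks; no shell syntax. */
static int safe_char(unsigned char c) {
    return isalnum(c) || c == '_' || c == '.' || c == '-' || c == ':';
}

/* Hardened form: copy line into buf, split it on spaces into argv[] and
   reject any character outside the allowlist. Returns argc, or -1 when the
   line is rejected. argv is NULL-terminated so it can be handed to execv()
   directly, with no shell in between. */
int parse_command(const char *line, char *buf, size_t buflen,
                  char *argv[MAX_ARGS + 1]) {
    size_t len = strlen(line);
    int argc = 0;
    if (len == 0 || len >= buflen) return -1;
    memcpy(buf, line, len + 1);
    for (char *p = buf; *p; ) {
        if (*p == ' ') { *p++ = '\0'; continue; }   /* separator */
        if (argc == MAX_ARGS) return -1;            /* too many arguments */
        argv[argc++] = p;
        while (*p && *p != ' ') {
            if (!safe_char((unsigned char)*p)) return -1;
            p++;
        }
    }
    argv[argc] = NULL;
    if (argc == 0) return -1;
    /* The command name must match exactly, not merely start with a prefix. */
    if (strcmp(argv[0], "wl") != 0 && strcmp(argv[0], "nvram.get") != 0)
        return -1;
    return argc;
}
```

The exact-match step also rejects a line such as `wlan0 up`, which the prefix-only check accepts even though it contains no metacharacter.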

"It seems the need to provide a wireless device configuration API at TP-Link had to be answered either fast or cheap, which ended up with them exposing a supposedly limited shell over the network that clients within the router could use as a way to configure wireless devices," Onekey said.

Routers are a perennial source of risk to enterprises and home users alike. By necessity, they are constantly exposed to the internet, but they usually are not thought of except when a signal is glitchy. Routers have been avenues for exploitation by Russian military intelligence hackers, their Chinese counterparts and oodles of cybercriminal botnets.

An international law enforcement operation announced Wednesday that it took down a botnet the FBI director called likely the world's largest yet. The 911 S5 botnet consisted of 19 million IP addresses, federal authorities said (see: FBI Says It Dismantled 'Likely the World's Largest Botnet').

About the Author

Prajeet Nair


Assistant Editor, Global News Desk, ISMG

Nair previously worked at TechCircle, IDG, Times Group and other publications, where he reported on developments in enterprise technology, digital transformation and other issues.
