Massive Brute Force Attack Targeting Networking Devices
A large-scale brute force attack is underway, using nearly 2.8 million IP addresses daily to target networking devices from Palo Alto Networks, Ivanti, and SonicWall….
TP-Link Gaming Router Vulnerability Exposes Users to Remote Code Attacks
Overview
TP-Link has recently announced a critical vulnerability in their Archer C5400X Gaming Router. This flaw could allow remote code execution (RCE) on affected devices via specially crafted requests.
The TP-Link Archer C5400X is a high-end tri-band gaming router built to deliver powerful performance and advanced features for gaming and other intensive applications.
Vulnerability Details
- CVE Identifier: CVE-2024-5035
- Severity Level: 10 (Critical)
- Affected Service: The vulnerability involves the “rftest” network service, which starts automatically upon device startup.
- Affected Ports: TCP Ports 8888, 8889, and 8890
- Affected Firmware Versions: All versions including and prior to ‘1_1.1.6’
- Resolved in Firmware Version: ‘1_1.1.7’ (released on May 24, 2024)
Technical Details
Upon detailed examination, it was discovered that the security measures implemented by the network service to prevent exploits, such as code injection, were circumvented by utilising meta-characters such a ‘;,&,or,|’. An attacker using shell metacharacters can send specially crafted messages to these ports, potentially achieving arbitrary command execution with elevated privileges.
Impact
Successful exploitation of this vulnerability could allow attackers to completely compromise affected routers, potentially leading to:
- Unauthorised access to your network
- Theft of sensitive data
- Disruption of network services
- Installation of malware
Recommendations
- Immediate Firmware Update: All users with this router model should update their router firmware to version ‘1_1.1.7’ or later as soon as possible.
- Minimise Exposure: Reduce the exposure of administrative interfaces, such as routers in this case, as much as possible to reduce the likelihood of exploitation.
By following these steps, users can protect their devices from this critical vulnerability and ensure their network security remains intact.
Related articles
Oasis Ticket Sales Scams: How to Stay Safe
During our weekly meetings with the banking industry and Police Scotland, we continue to see a significant increase in ticket scams over the last three…
Alert: Unpatched Microsoft Office Vulnerability Exposes NTLM Hashes
Microsoft has recently disclosed a significant security vulnerability affecting multiple versions of its Office suite, including Office 2016, Office 2019, Office LTSC 2021 and Microsoft…