TP-Link Gaming Router Vulnerability Exposes Users to Remote Code Attacks ( thehackernews.com )

The Article

A maximum-severity security flaw has been disclosed in the TP-Link Archer C5400X gaming router that could lead to remote code execution on susceptible devices by sending specially crafted requests. The vulnerability, tracked as CVE-2024-5035, carries a CVSS score of 10.0. It impacts all versions of the router firmware including and prior to 1_1.1.6. It has been patched in version 1_1.1.7 released on May 24, 2024.

"By successfully exploiting this flaw, remote unauthenticated attackers can gain arbitrary command execution on the device with elevated privileges," German cybersecurity firm ONEKEY said in a report published Monday. The issue is rooted in a binary related to radio frequency testing "rftest" that's launched on startup and exposes a network listener on TCP ports 8888, 8889, and 8890, thus allowing a remote unauthenticated attacker to achieve code execution. While the network service is designed to only accept commands that start with "wl" or "nvram get," ONEKEY found that the restriction could be trivially bypassed by injecting a command after shell meta-characters like ; , & , or, | (e.g., "wl;id;").
Cybersecurity

TP-Link's implemented fix in version 1_1.1.7 Build 20240510 addresses the vulnerability by discarding any command containing these special characters. "It seems the need to provide a wireless device configuration API at TP-Link had to be answered either fast or cheap, which ended up with them exposing a supposedly limited shell over the network that clients within the router could use as a way to configure wireless devices," ONEKEY said.

The disclosure arrives weeks after security flaws were also revealed by the company in Delta Electronics DVW W02W2 industrial Ethernet routers (CVE-2024-3871) and Ligowave networking gear (CVE-2024-4999) that could allow remote attackers to gain remote command execution with elevated privileges. It's worth noting that these flaws remain unpatched due to the devices being no longer actively maintained, making it imperative that users take adequate steps to limit exposure of administration interfaces to reduce the potential for exploitation.

Wiitigo ,

I don't see how this is possible. The router has EIGHT aerodynamic antennas.

Maybe they should have added one or two more..

mox ,

Pro tip: Avoid routers with proprietary firmware.

OpenWrt is a nice alternative that can be installed on many devices.

ThrowawayPermanente ,

Don't ever buy anything marketed specifically to gamers

Sylvartas ,

As a "gamer" and game developer, this is sound advice.

laurelraven ,

Yep.

At best, you're paying extra for RGB lighting.

sum_yung_gai ,

But what about video games :(

Plopp ,

Leaving consumer routers behind and going the pfSense route is among the best decisions I've ever made. Highly recommended for anyone who isn't afraid to learn some network stuff.

qjkxbmwvz ,

I went with "cheap mikrotik router + cheap used enterprise APs (3x Aruba 325)," and I've been pretty happy.

What hardware you running for pfSense?

Fungah ,

Setting up a pfsense router / firewall virtualized in proxmox on my server PC with separate vlans for my iot devices and guest WiFi was tedious, time consuming, challenging, educational, and ultimately worth it. I'm not invincible buy at least I have fucking viability into what's going on in my fucking home network.

Talaraine ,

lmao just bought one of these last week! Glad the fix is already out.

And no, I didn't buy it for its looks xD It's actually a decent router that does additional things I needed.

megaman ,

Inside me there are two wolves, one that thinks "gamer" stuff is stupid, and another that thinks this router looks sweet as hell.

wjrii ,

On the plus side, this particular router will work fine as a stand for a fondue pot.

Obi ,
@Obi@sopuli.xyz avatar

Utterly hilarious designs in the router world.

hydroptic ,

While the network service is designed to only accept commands that start with “wl” or “nvram get,” ONEKEY found that the restriction could be trivially bypassed by injecting a command after shell meta-characters like ; , & , or, | (e.g., “wl;id;”).

Whenever I feel like I'm a terrible programmer, I remind myself that there are vast amounts of confident coders out there being paid for code with idiotic mistakes like this and they have no intention of getting any better at it

freeman ,

Frankly " injecting a command after shell-metacharacters" makes it sound much more mystical and arcane than"just use the normal one liner syntax to run 2 commands"

Gamers_Mate ,

Looks like a Daedric artifact of some sort.

xep ,

There aren't enough RGBs on this thing for me to even consider it "gaming." Step it up, TP Link!

hydroptic ,

Yeah, what's "gaming" about this thing? Does it hate women and minorities?

lud ,

Yeah, what's "gaming" about this thing?

Red accents of course.

Hupf ,

And spikes

li10 ,

People only buying this for the aesthetic in the first place and it’s pathetic.

Just buy a functional router and a Lego kit like a real adult ffs.

RustyNova ,

No one diss the gaming demon summoning circle! Sacrifice him!

Broken_Monitor ,

I look at this thing wondering why the hell it has 9 antennas?? Or is that really just for looks? Which only raises more questions really…

conquer4 ,

Supposably for beam forming 🤷🏼‍♂️

Flashback956 ,
@Flashback956@feddit.nl avatar

They also buy it because it is marketed for gamers telling them it gives them an advantage. Which it will if you compare it to a shitty router from 2008. Nowadays any mainstream router will do fine as long as you are within its range. If you really care as a gamer use a wired connection.

  • All
  • Subscribed
  • Moderated
  • Favorites
  • [email protected]
  • kbinchat
  • All magazines
    •