CyberSecurityBoard
Sponsor Register Login

TP-Link fixes critical RCE bug in popular C5400X gaming router

The TP-Link Archer C5400X gaming router is vulnerable to security flaws that could enable an unauthenticated, remote attacker to execute commands on the device.
The TP-Link Archer C5400X is a high-end tri-band gaming router designed to provide robust performance and advanced features for gaming and other demanding applications, and based on the number of user reviews the product has on online stores, it appears to be a popular choice among gamers.
Arbitrary command execution on routers can lead to hijacking routers, data interception, changing DNS settings, and potentially breaching internal networks.
The flaw on the TP-Link Archer C5400X is tracked as CVE-2024-5035 and was identified by analysts at OneKey through binary static analysis.
The researchers found that the 'rftest' binary exposes a network service vulnerable to command injection and buffer overflows on TCP ports 8888, 8889, and 8890.
The 'rftest' service runs a network listener on these ports to perform wireless interface self-assessment and related tasks.
An attacker using shell metacharacters can send specially crafted messages to these ports, potentially achieving arbitrary command execution with elevated privileges.
Shell metacharacters are special characters like semicolons, ampersands, and pipes that are used for better function control on command-line shells.
They can also be abused for command execution when the user input isn't properly sanitized to prevent unauthorized actions.
As the mentioned ports are open and actively used by the 'rftest' service on the router's default configuration, they impact all users of the device using the vulnerable firmware versions, through 1.1.1.6.
OneKey analysts reported their findings to TP-Link's PSIRT on February 16, 2024, while the vendor had a beta patch ready by April 10, 2024.
Finally, the security update came late last week, on May 24, 2024, with the release of Archer C5400X(EU) V1 1.1.7 Build 20240510, which effectively addresses CVE-2024-5035.
The implemented fix was to discard any commands containing shell metacharacters, so these are filtered out in all incoming messages.
Users are recommended to download the firmware update from TP-Link's official download portal or use their router admin panel to perform the update.
PoC exploit released for RCE zero-day in D-Link EXO AX4800 routers.
Widely used modems in industrial IoT devices open to SMS attack.
Maximum severity Flowmon bug has a public exploit, patch now.
QNAP QTS zero-day in Share feature gets public RCE exploit.
Over 50,000 Tinyproxy servers vulnerable to critical RCE flaw.


This Cyber News was published on www.bleepingcomputer.com. Publication date: Mon, 27 May 2024 19:20:03 +0000


Cyber News related to TP-Link fixes critical RCE bug in popular C5400X gaming router

TP-Link fixes critical RCE bug in popular C5400X gaming router - The TP-Link Archer C5400X gaming router is vulnerable to security flaws that could enable an unauthenticated, remote attacker to execute commands on the device. The TP-Link Archer C5400X is a high-end tri-band gaming router designed to provide robust ...
7 months ago Bleepingcomputer.com
The Deep Web and the Security Challenges Facing the Gaming Industry - The gaming industry is no stranger to cyberattackers. A combination of valuable user data and monetizable rewards makes gaming a ripe target for malicious actors. With the advent of the Deep Web, cyber criminals have been able to further conceal ...
1 year ago Securityaffairs.com
Here's How to Make Your Gaming Experience Safer - Over 1 billion people worldwide regularly play online games. The emergence of high-quality games, multiple gaming mediums, and online communities has prompted gamers to overlook the dark side of online gaming. If you play games online on your ...
1 year ago Cybersecurity-insiders.com
Latest Information Security and Hacking Incidents - A cyberattack has compromised the prestigious game company Insomniac Games, exposing private data without authorization. Concerns over data security in the gaming business have been raised by this hack, which has spread throughout the community. ...
1 year ago Cysecurity.news
Is Hybrid Play Leveling the Playing Field for Online Video Gaming? - As technology continues to evolve, the market for online video gaming has grown exponentially. With the advent of hybrid play, we have seen the emergence of digital console gaming and increasing proficiency in a variety of gaming platforms. This ...
1 year ago Welivesecurity.com
Gaming PCs as Silent Storytellers: Why Privacy Is Crucial - Online games and video games are incredibly popular as a way to connect with people and interact with them. Many people enjoy playing games online, either on gaming consoles, computers, or mobile devices. Online gaming also poses some risks, such as ...
1 year ago Cysecurity.news
PoC exploit released for RCE zero-day in D-Link EXO AX4800 routers - The D-Link EXO AX4800 router is vulnerable to remote unauthenticated command execution that could lead to complete device takeovers by attackers with access to the HNAP port. The D-Link DIR-X4860 router is a high-performance Wi-Fi 6 router capable of ...
7 months ago Bleepingcomputer.com
Malware botnet bricked 600,000 routers in mysterious 2023 event - A malware botnet named 'Pumpkin Eclipse' performed a mysterious destructive event in 2023 that destroyed 600,000 office/home office internet routers offline, disrupting customers' internet access. According to researchers at Lumen's Black Lotus Labs, ...
6 months ago Bleepingcomputer.com
Malware botnet bricked 600,000 routers in mysterious 2023 attack - A malware botnet named 'Pumpkin Eclipse' performed a mysterious destructive event in 2023 that destroyed 600,000 office/home office internet routers offline, disrupting customers' internet access. According to researchers at Lumen's Black Lotus Labs, ...
6 months ago Bleepingcomputer.com
Azure Service Tags tagged as security risk, Microsoft disagrees - Security researchers at Tenable discovered what they describe as a high-severity vulnerability in Azure Service Tag that could allow attackers to access customers' private data. Service Tags are groups of IP addresses for a specific Azure service ...
6 months ago Bleepingcomputer.com
Cisco Routers Exposed to Remote Code Execution (RCE) Attacks: How to Protect Your Network - Protecting networks from remote code execution (RCE) attacks is now more important than ever, as thousands of end-of-life Cisco routers are exposed to these vulnerabilities. On June 10, 2020 research revealed that over 19,000 Cisco devices were still ...
1 year ago Bleepingcomputer.com
9 Best DDoS Protection Service Providers for 2024 - eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More. One of the most powerful defenses an organization can employ against distributed ...
1 year ago Esecurityplanet.com
The 20 Most Essential Crypto Bug Bounty Programs - Working with cryptocurrency has become more and more popular in the last few years, but it’s not without risks. It’s important for sites that conduct digital payments and transfers to have security measures in place to help keep your data safe ...
1 year ago Hackread.com
Oracle’s First Security Update for 2023 Includes 327 New Patches - Oracle has released its first security update of 2023, delivering 327 new security fixes and patching a range of critical vulnerabilities. This update covers products spanning across Oracle’s Cloud portfolio, Fusion Middleware, Hyperion, E-Business ...
1 year ago Securityweek.com
Fortinet warns of critical RCE bug in endpoint management software - Fortinet patched a critical vulnerability in its FortiClient Enterprise Management Server software that can allow attackers to gain remote code execution on vulnerable servers. FortiClient EMS enables admins to manage endpoints connected to an ...
9 months ago Bleepingcomputer.com
Trouble in Da Hood: Malicious Actors Use Infected PyPI Packages to Target Roblox Cheaters | Imperva - In recent research on compromised and malicious PyPI packages, Imperva Threat Research has identified an ongoing malware campaign specifically targeting Roblox hackers. Over time, vast communities have assembled on various platforms such as Reddit, ...
2 months ago Imperva.com
How Hackers Interrupted GTA 5 Online Gameplay on PC - Recently, a cyber-attack on Grand Theft Auto 5 Online on PC caused an interruption to thousands of players’ gameplays. The game was completely taken offline and players couldn’t even access the main gameplay menu. The attack caused an uproar ...
1 year ago Hackread.com
Spy Trojan SpyNote Unveiled in Attacks on Gamers - The SpyNote Trojan, camouflaged as a mod for the game Roblox, has been observed targeting Android users. This mobile malware can log keystrokes, record screens, stream video from phone cameras and impersonate Google and Facebook applications to ...
1 year ago Infosecurity-magazine.com
December Android updates fix critical zero-click RCE flaw - Google announced today that the December 2023 Android security updates tackle 85 vulnerabilities, including a critical severity zero-click remote code execution bug. Tracked as CVE-2023-40088, the zero-click RCE bug was found in Android's System ...
1 year ago Bleepingcomputer.com
CVE-2024-32971 - Apollo Router is a configurable, graph router written in Rust to run a federated supergraph that uses Apollo Federation 2. The affected versions of Apollo Router contain a bug that in limited circumstances, could lead to unexpected operations being ...
7 months ago
VMware fixes critical code execution flaw in vCenter Server - VMware issued security updates to fix a critical vCenter Server vulnerability that can be exploited to gain remote code execution attacks on vulnerable servers. vCenter Server is the central management hub for VMware's vSphere suite, and it helps ...
1 year ago Bleepingcomputer.com
WordPress fixes POP chain exposing websites to RCE attacks - WordPress has released version 6.4.2 that addresses a remote code execution vulnerability that could be chained with another flaw to allow attackers run arbitrary PHP code on the target website. WordPress is a highly popular open-source content ...
1 year ago Bleepingcomputer.com
50K WordPress sites exposed to RCE attacks by critical bug in backup plugin - A critical severity vulnerability in a WordPress plugin with more than 90,000 installs can let attackers gain remote code execution to fully compromise vulnerable websites. Known as Backup Migration, the plugin helps admins automate site backups to ...
1 year ago Bleepingcomputer.com
Juniper warns of critical RCE bug in its firewalls and switches - Juniper Networks has released security updates to fix a critical pre-auth remote code execution vulnerability in its SRX Series firewalls and EX Series switches. Found in the devices' J-Web configuration interfaces and tracked as CVE-2024-21591, this ...
11 months ago Bleepingcomputer.com
Apple fixes Safari WebKit zero-day flaw exploited at Pwn2Own - Apple has released security updates to fix a zero-day vulnerability in the Safari web browser exploited during this year's Pwn2Own Vancouver hacking competition. The company addressed the security flaw on systems running macOS Monterey and macOS ...
7 months ago Bleepingcomputer.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)