250
TP-Link Gaming Router Vulnerability Exposes Users to Remote Code Attacks (thehackernews.com)
submitted 3 weeks ago by Sunny@slrpnk.net to c/technology@lemmy.world
46 comments fedilink hide all child comments

The Article

A maximum-severity security flaw has been disclosed in the TP-Link Archer C5400X gaming router that could lead to remote code execution on susceptible devices by sending specially crafted requests. The vulnerability, tracked as CVE-2024-5035, carries a CVSS score of 10.0. It impacts all versions of the router firmware including and prior to 1_1.1.6. It has been patched in version 1_1.1.7 released on May 24, 2024.

"By successfully exploiting this flaw, remote unauthenticated attackers can gain arbitrary command execution on the device with elevated privileges," German cybersecurity firm ONEKEY said in a report published Monday. The issue is rooted in a binary related to radio frequency testing "rftest" that's launched on startup and exposes a network listener on TCP ports 8888, 8889, and 8890, thus allowing a remote unauthenticated attacker to achieve code execution. While the network service is designed to only accept commands that start with "wl" or "nvram get," ONEKEY found that the restriction could be trivially bypassed by injecting a command after shell meta-characters like ; , & , or, | (e.g., "wl;id;"). Cybersecurity

TP-Link's implemented fix in version 1_1.1.7 Build 20240510 addresses the vulnerability by discarding any command containing these special characters. "It seems the need to provide a wireless device configuration API at TP-Link had to be answered either fast or cheap, which ended up with them exposing a supposedly limited shell over the network that clients within the router could use as a way to configure wireless devices," ONEKEY said.

The disclosure arrives weeks after security flaws were also revealed by the company in Delta Electronics DVW W02W2 industrial Ethernet routers (CVE-2024-3871) and Ligowave networking gear (CVE-2024-4999) that could allow remote attackers to gain remote command execution with elevated privileges. It's worth noting that these flaws remain unpatched due to the devices being no longer actively maintained, making it imperative that users take adequate steps to limit exposure of administration interfaces to reduce the potential for exploitation.

top 46 comments
sorted by: hot top controversial new old
[-] li10@feddit.uk 52 points 3 weeks ago

People only buying this for the aesthetic in the first place and it’s pathetic.

Just buy a functional router and a Lego kit like a real adult ffs.

[-] RustyNova@lemmy.world 19 points 3 weeks ago

No one diss the gaming demon summoning circle! Sacrifice him!

[-] Flashback956@feddit.nl 10 points 3 weeks ago

They also buy it because it is marketed for gamers telling them it gives them an advantage. Which it will if you compare it to a shitty router from 2008. Nowadays any mainstream router will do fine as long as you are within its range. If you really care as a gamer use a wired connection.

[-] Broken_Monitor@lemmy.world 6 points 3 weeks ago

I look at this thing wondering why the hell it has 9 antennas?? Or is that really just for looks? Which only raises more questions really…

[-] conquer4@lemmy.world 4 points 3 weeks ago

Supposably for beam forming 🤷🏼‍♂️

[-] Broken_Monitor@lemmy.world 2 points 3 weeks ago

I wanna see Scotty installing these on the Enterprise.

[-] hydroptic@sopuli.xyz 46 points 3 weeks ago* (last edited 3 weeks ago)

While the network service is designed to only accept commands that start with “wl” or “nvram get,” ONEKEY found that the restriction could be trivially bypassed by injecting a command after shell meta-characters like ; , & , or, | (e.g., “wl;id;”).

Whenever I feel like I'm a terrible programmer, I remind myself that there are vast amounts of confident coders out there being paid for code with idiotic mistakes like this and they have no intention of getting any better at it

[-] freeman@sh.itjust.works 7 points 2 weeks ago

Frankly " injecting a command after shell-metacharacters" makes it sound much more mystical and arcane than"just use the normal one liner syntax to run 2 commands"

[-] ThrowawayPermanente@sh.itjust.works 39 points 3 weeks ago

Don't ever buy anything marketed specifically to gamers

[-] Sylvartas@lemmy.world 21 points 3 weeks ago

As a "gamer" and game developer, this is sound advice.

[-] laurelraven@lemmy.blahaj.zone 12 points 3 weeks ago

Yep.

At best, you're paying extra for RGB lighting.

[-] sum_yung_gai@lemm.ee 4 points 3 weeks ago

But what about video games :(

[-] ILikeBoobies@lemmy.ca 3 points 3 weeks ago

Compile it yourself

Donate to developers

[-] wjrii@lemmy.world 31 points 3 weeks ago

On the plus side, this particular router will work fine as a stand for a fondue pot.

[-] Obi@sopuli.xyz 6 points 3 weeks ago

Utterly hilarious designs in the router world.

[-] xep@fedia.io 19 points 3 weeks ago

There aren't enough RGBs on this thing for me to even consider it "gaming." Step it up, TP Link!

[-] hydroptic@sopuli.xyz 18 points 3 weeks ago

Yeah, what's "gaming" about this thing? Does it hate women and minorities?

[-] lud@lemm.ee 11 points 3 weeks ago

Yeah, what's "gaming" about this thing?

Red accents of course.

[-] Hupf@feddit.de 7 points 3 weeks ago

And spikes

[-] mox@lemmy.sdf.org 15 points 3 weeks ago* (last edited 3 weeks ago)

Pro tip: Avoid routers with proprietary firmware.

OpenWrt is a nice alternative that can be installed on many devices.

[-] Plopp@lemmy.world 14 points 3 weeks ago

Leaving consumer routers behind and going the pfSense route is among the best decisions I've ever made. Highly recommended for anyone who isn't afraid to learn some network stuff.

[-] qjkxbmwvz@startrek.website 5 points 3 weeks ago

I went with "cheap mikrotik router + cheap used enterprise APs (3x Aruba 325)," and I've been pretty happy.

What hardware you running for pfSense?

[-] Noerttipertti@sopuli.xyz 4 points 3 weeks ago

Same idea here. Fortigate 30f (since I can dl updates manually), Fortiswitch 124e (same) and 2 FortiAP 421E's (ditto). All but ap's I could grab from employers "ditch bin".

[-] bloodfart@lemmy.ml 1 points 3 weeks ago

You can run pf sense on fortinet stuff?

[-] Noerttipertti@sopuli.xyz 1 points 3 weeks ago

No. It's proprietary custom SoC that runs heavily modified unix on ARM.
But software is solid and patches come out lightning fast.

[-] bloodfart@lemmy.ml 0 points 3 weeks ago

Oh. The fortigate wasn’t one of the ones that had to be replaced because of a cvss 10 was it?

[-] Noerttipertti@sopuli.xyz 1 points 2 weeks ago

Yes and no. That model still gets updates. One I have has no active support licence, so it has to be updated manually.

[-] bloodfart@lemmy.ml -1 points 2 weeks ago

I thought they had a batch of fortigate hardware whose baked in keys got leaked and their response was to recommend that affected devices be removed from service, no update fix, no patch, just “stop using them, we can’t fix it”.

Sorry for not having more information on hand, I’m on mobile at the moment and the nist database is tough to navigate with fat thumbs.

[-] Plopp@lemmy.world 2 points 3 weeks ago

I'm running a Pentium G4560 and 8Gb of RAM in a dual NIC Shuttle case. The specs were a total gamble but I have a lot of headroom currently so if I need to do more advanced stuff in the future I can.

[-] Fungah@lemmy.world 1 points 2 weeks ago

My old PC.

Its on proxmox but I've got an i7 8600k 18tb hard drive for frigate / nas, rtx2080ti because where else am I going to put it. 32gb ram. 1000 watt PSU.

[-] Fungah@lemmy.world 4 points 3 weeks ago

Setting up a pfsense router / firewall virtualized in proxmox on my server PC with separate vlans for my iot devices and guest WiFi was tedious, time consuming, challenging, educational, and ultimately worth it. I'm not invincible buy at least I have fucking viability into what's going on in my fucking home network.

[-] laurelraven@lemmy.blahaj.zone 1 points 3 weeks ago

Do you have any recommendations for someone looking to do this? Guides you found useful, videos or YouTube channels, software packages, pitfalls to avoid? I've been thinking of doing something like this for years and lately feel like I need to to get a handle on what's really going on in my network

[-] Fungah@lemmy.world 2 points 2 weeks ago

Dude I wish. I'd love to be able to point you in the right direction but getting this all working for me was just the product.of determination and posts / videos from all over the place.

I can tell you that adding proxmox to the equation made things way more complicated. And that vlans are not intuitive.

My advice would be to just kind of go for it. I ended up needing a smart switch, a mul5i nic pace card, a regular switch, and two access points (you could get a vlan aware access point but I couldn't find anything that made sense price wise).

The whole thing took days to set up. I frequently didn't know why things weren't working. It sucked.

You can pm me if you get stuck and I can try to give you a hand buy the frustrating truth I learned about the process was that I was kind of on my own since every set up is kind of unique based on your hardware.

I'm glad its done but doing it frankly sucked..

[-] laurelraven@lemmy.blahaj.zone 1 points 2 weeks ago

Thanks for the reply!

I'll probably just start messing around with things and see where they go, worst case I'll spend some time and learn some things

[-] Sunny@slrpnk.net 2 points 3 weeks ago

I'm doing this myself very soon, honestly looking forwards to it so much 😁

[-] Plopp@lemmy.world 2 points 3 weeks ago

I remember that anticipation fondly. 😁 I watched a bunch of videos on pfSense (Lawrence Systems on YT is great, but you probably know that already) and read a bunch of things, planning out what I wanted to do before I made the leap, and it was great!

[-] Sunny@slrpnk.net 1 points 3 weeks ago

Yeah LS is truly a great resource for so many topics. Thanks for the suggestion! 🙌

[-] Talaraine@fedia.io 11 points 3 weeks ago

lmao just bought one of these last week! Glad the fix is already out.

And no, I didn't buy it for its looks xD It's actually a decent router that does additional things I needed.

[-] megaman@discuss.tchncs.de 8 points 3 weeks ago

Inside me there are two wolves, one that thinks "gamer" stuff is stupid, and another that thinks this router looks sweet as hell.

[-] Ioughttamow@kbin.run 2 points 3 weeks ago

Just have to gibbet some dolls on those spikes

[-] WeirdGoesPro@lemmy.dbzer0.com 1 points 3 weeks ago

I have one that looks just like this. Always worked pretty well for me.

[-] Gamers_Mate@kbin.run 8 points 3 weeks ago

Looks like a Daedric artifact of some sort.

[-] Hupf@feddit.de 4 points 3 weeks ago

Or like a Split trading station from X4

[-] anon_8675309@lemmy.world 7 points 3 weeks ago

Hate the look of all these home routers.

[-] _sideffect@lemmy.world 6 points 3 weeks ago

Looks like a dead spider

[-] Wiitigo@lemmy.world 2 points 2 weeks ago

I don't see how this is possible. The router has EIGHT aerodynamic antennas.

Maybe they should have added one or two more..

this post was submitted on 09 Jun 2024
250 points (98.8% liked)

Technology

55606 readers
3492 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 1 year ago
MODERATORS
L3s@lemmy.world
enu@lemm.ee
fry@fry.gs
L3s@fry.gs
enu@lemmy.world
L4s@fry.gs
L4s@lemmy.world