Vulnerability in TP-Link Archer C50's Firmware Upgrade Process
CVE-2024-54126

Currently unrated

Key Information:

Vendor: Tp-link
Status: Archer C50 Wireless Router
Vendor: CVE Published:; 5 December 2024

What is CVE-2024-54126?

This vulnerability exists in the TP-Link Archer C50 due to improper signature verification mechanism in the firmware upgrade process at its web interface. An attacker with administrative privileges within the router’s Wi-Fi range could exploit this vulnerability by uploading and executing malicious firmware which could lead to complete compromise of the targeted device.

Affected Version(s)

Archer C50 Wireless Router <Archer C50(EU)_V4_ 240917

References

https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOT...

third-party-advisory

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 5, 2024
Vulnerability Reserved
Nov 29, 2024

Credit

This vulnerability is reported is reported by Khalid Markar, Amey Chavekar, Sushant Mane & Dr. Faruk Kazi from CoE-CNDS Lab, VJTI, Mumbai

Tp-link

What is CVE-2024-54126?

Affected Version(s)

References

Timeline

Credit