Vulnerability in TP-Link Archer C50 Could Allow Access to Wi-Fi Credentials
CVE-2024-54127

Currently unrated

Key Information:

Vendor: Tp-link
Status: Archer C50 Wireless Router
Vendor: CVE Published:; 5 December 2024

Summary

This vulnerability exists in the TP-Link Archer C50 due to presence of terminal access on a serial interface without proper access control. An attacker with physical access could exploit this by accessing the UART shell on the vulnerable device. Successful exploitation of this vulnerability could allow the attacker to obtain Wi-Fi credentials of the targeted system.

Affected Version(s)

Archer C50 Wireless Router <Archer C50(EU)_V4_ 240917

References

https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOT...

third-party-advisory

Timeline

Vulnerability published
Dec 5, 2024
Vulnerability Reserved
Nov 29, 2024

Credit

This vulnerability is reported is reported by Amey Chavekar, Khalid Markar & Dr. Faruk Kazi from CoE-CNDS Lab, VJTI, Mumbai