Gamaredon Uses DNS Fast-Flux and Cloudflare Tunnels to Conceal GammaDrop Malware – Active IOCs

December 6, 2024

Mirai Botnet aka Katana – Active IOCs

December 7, 2024

Multiple TP-Link Archer C50 Vulnerabilities

December 6, 2024

Severity

Medium

Analysis Summary

CVE-2024-54127 CVSS:4.3

This vulnerability exists in the TP-Link Archer C50 due to presence of terminal access on a serial interface without proper access control. An attacker with physical access could exploit this by accessing the UART shell on the vulnerable device. Successful exploitation of this vulnerability could allow the attacker to obtain Wi-Fi credentials of the targeted system.

CVE-2024-54126 CVSS:8.5

This vulnerability exists in the TP-Link Archer C50 due to improper signature verification mechanism in the firmware upgrade process at its web interface. An attacker with administrative privileges within the router’s Wi-Fi range could exploit this vulnerability by uploading and executing malicious firmware which could lead to complete compromise of the targeted device.

Impact

Gain Access

Indicators of Compromise

CVE

CVE-2024-54127
CVE-2024-54126

Affected Vendors

TP-Link

Affected Products

TP-Link Archer C50

Remediation

Refer to TP-Link Security Advisory for patch, upgrade, or suggested workaround information.

TP-Link Security Advisory

Rewterz Annual Threat Intelligence Report 2024 - Download Now

Rewterz Annual Threat Intelligence Report 2024 - Download Now

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

CVE-2025-6554 – Google Chrome Vulnerability

Multiple D-Link Products Vulnerabilities

Multiple GitLab Products Vulnerabilities

Threat Insights

About Us

Our Leadership

CSR

Connect with Us