Severity
Medium
Analysis Summary
CVE-2024-54127 CVSS:4.3
This vulnerability exists in the TP-Link Archer C50 due to presence of terminal access on a serial interface without proper access control. An attacker with physical access could exploit this by accessing the UART shell on the vulnerable device. Successful exploitation of this vulnerability could allow the attacker to obtain Wi-Fi credentials of the targeted system.
CVE-2024-54126 CVSS:8.5
This vulnerability exists in the TP-Link Archer C50 due to improper signature verification mechanism in the firmware upgrade process at its web interface. An attacker with administrative privileges within the router’s Wi-Fi range could exploit this vulnerability by uploading and executing malicious firmware which could lead to complete compromise of the targeted device.
Impact
- Gain Access
Indicators of Compromise
CVE
- CVE-2024-54127
- CVE-2024-54126
Affected Vendors
Affected Products
- TP-Link Archer C50
Remediation
Refer to TP-Link Security Advisory for patch, upgrade, or suggested workaround information.