CVE-2024-54126

Dec. 5, 2024, 1:15 p.m.

None
No Score

Description

This vulnerability exists in the TP-Link Archer C50 due to improper signature verification mechanism in the firmware upgrade process at its web interface. An attacker with administrative privileges within the router’s Wi-Fi range could exploit this vulnerability by uploading and executing malicious firmware which could lead to complete compromise of the targeted device.

Product(s) Impacted

Product Versions
TP-Link Archer C50

Weaknesses

CWE-347
Improper Verification of Cryptographic Signature
The product does not verify, or incorrectly verifies, the cryptographic signature for data.

References

https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0354

Tags

CWE-347
vdisclose@cert-in.org.in
2024-12-05
CVE-2024-54126

Date

  • Published: Dec. 5, 2024, 1:15 p.m.
  • Last Modified: Dec. 5, 2024, 1:15 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

vdisclose@cert-in.org.in

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.