Thursday, February 6, 2025
HomeCVE/vulnerabilityA Zero-day Vulnerability in TP-link Router Let Hackers Gain Admin Privilege &...

A Zero-day Vulnerability in TP-link Router Let Hackers Gain Admin Privilege & Take Full Control of It Remotely

Published on

SIEM as a Service

Follow Us on Google News

Researchers discovered a new firmware vulnerability in TP-link Archer C5 (v4) routers Let the attacker gain an Admin Password, and allow them remote takeover the router.

Once the vulnerability has successfully exploited, a remote attacker takes over the router configurated through Telnet on the local area network (LAN) and connects to a File Transfer Protocol (FTP) server via both LAN and WAN.

The vulnerability marked as “Critical” severity since it grants access to unauthorized third-party access due to the improper authentication, and it affects the TP-link Archer C5 router that deployed in both home and business environments.

It is very dangerous for business networks where router with this kind of critical vulnerability will allow an attacker to enable the Guest WiFi, through which an attacker enters into the internal network.

How Does the Router Vulnerability Can be Triggered by Attackers

An attacker could trigger the vulnerability by just sending the vulnerable HTTP request to be granted access to the device.

Basically, there are two types of requests that are considering here, one if “Safe” and another one if “Malicious”. In Safe requests, two parameters must be validated: TokenID and the JSESSIONID.

“But the Common Gateway Interface (CGI) validation here is only based on the referrer’s HTTP headers that used to matches the IP address or the domain associated with tplinkwifi.net, and then the routers Main domain (HTTPD), will recognize it as valid .”

In this case, The vulnerability affected both HTTP POST and GET requests and voiding the admin password when string length exceeds the allowed number of bytes.

TP-link
Vulnerable HTTP POST request does not verify required parameters

According to IBM report , “The short way of describing this flaw is vulnerable HTTP requests that void the user’s password. In an overflow issue of sorts, when a string that’s shorter than the expected string length is sent through as the user’s password, the password value gets distorted into some non-ASCII bytes.”

The vulnerability has been reported to the TP-link and the patch has been issued on version TP-Link Archer C5 v4 and other versions that may be exposed.

You can also read the complete firmware analysis to know more about this vulnerability and how it was discovered.

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Hackers Exploit 3,000 ASP.NET Machine Keys to Hack IIS Web Servers Remotely

Microsoft has raised alarms about a new cyber threat involving ViewState code injection attacks...

Abyss Locker Ransomware Attacking Critical Network Devices including ESXi servers

The Abyss Locker ransomware, a relatively new but highly disruptive cyber threat, has been...

Weaponized SVG Files With Google Drive Links Attacking Gmail, Outlook & Dropbox Users

A new wave of phishing attacks is leveraging Scalable Vector Graphics (SVG) files to...

Flesh Stealer Malware Attacking Chrome, Firefox, and Edge Users to Steal Passwords

A newly identified malware, Flesh Stealer, is rapidly emerging as a significant cybersecurity threat...

Supply Chain Attack Prevention

Free Webinar - Supply Chain Attack Prevention

Recent attacks like Polyfill[.]io show how compromised third-party components become backdoors for hackers. PCI DSS 4.0’s Requirement 6.4.3 mandates stricter browser script controls, while Requirement 12.8 focuses on securing third-party providers.

Join Vivekanand Gopalan (VP of Products – Indusface) and Phani Deepak Akella (VP of Marketing – Indusface) as they break down these compliance requirements and share strategies to protect your applications from supply chain attacks.

Discussion points

Meeting PCI DSS 4.0 mandates.
Blocking malicious components and unauthorized JavaScript execution.
PIdentifying attack surfaces from third-party dependencies.
Preventing man-in-the-browser attacks with proactive monitoring.

More like this

XE Hacker Group Exploiting Veracode 0-Day’s to Deploy Malware & Steal Credit Card Details

The XE Group, a sophisticated Vietnamese-origin cybercrime organization active since 2013, has escalated its...

F5 BIG-IP SNMP Flaw Allows Attackers to Launch DoS Attacks

A recently disclosed vulnerability in F5's BIG-IP systems has raised alarm within the cybersecurity...

Cisco IOS SNMP Vulnerabilities Allow Attackers to Launch DoS Attacks”

Cisco has disclosed multiple vulnerabilities in its Simple Network Management Protocol (SNMP) subsystem affecting...