// For flags

CVE-2024-54126

Insufficient Integrity Verification Vulnerability in TP-Link Archer C50

Severity Score

8.5
*CVSS v4

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

Track*
*SSVC
Descriptions

This vulnerability exists in the TP-Link Archer C50 due to improper signature verification mechanism in the firmware upgrade process at its web interface. An attacker with administrative privileges within the router’s Wi-Fi range could exploit this vulnerability by uploading and executing malicious firmware which could lead to complete compromise of the targeted device.

*Credits: This vulnerability is reported is reported by Khalid Markar, Amey Chavekar, Sushant Mane & Dr. Faruk Kazi from CoE-CNDS Lab, VJTI, Mumbai
CVSS Scores
Attack Vector
Adjacent
Attack Complexity
Low
Attack Requirements
None
Privileges Required
High
User Interaction
None
System
Vulnerable | Subsequent
Confidentiality
High
None
Integrity
High
None
Availability
High
None
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:Track*
Exploitation
None
Automatable
No
Tech. Impact
Total
* Organization's Worst-case Scenario
Timeline
  • 2024-11-29 CVE Reserved
  • 2024-12-05 CVE Published
  • 2024-12-05 CVE Updated
  • 2024-12-07 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-347: Improper Verification of Cryptographic Signature
  • CWE-494: Download of Code Without Integrity Check
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
TP-Link
Search vendor "TP-Link"
 Archer C50 Wireless Router
Search vendor "TP-Link" for product "Archer C50 Wireless Router"
*en
Affected