Search
Find a vulnerability
Search criteria
4 vulnerabilities found for Archer C50 Wireless Router by TP-Link
CVE-2024-54127 (GCVE-0-2024-54127)
Vulnerability from nvd – Published: 2024-12-05 12:19 – Updated: 2024-12-05 15:55
VLAI
Title
Exposure of Wi-Fi Credentials in Plaintext in TP-Link Archer C50
Summary
This vulnerability exists in the TP-Link Archer C50 due to presence of terminal access on a serial interface without proper access control. An attacker with physical access could exploit this by accessing the UART shell on the vulnerable device. Successful exploitation of this vulnerability could allow the attacker to obtain Wi-Fi credentials of the targeted system.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-312 - Cleartext Storage of Sensitive Information
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.cert-in.org.in/s2cMainServlet?pageid=… | third-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| TP-Link | Archer C50 Wireless Router |
Affected:
<Archer C50(EU)_V4_ 240917
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-54127",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-05T15:55:43.403297Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-05T15:55:53.552Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Archer C50 Wireless Router",
"vendor": "TP-Link",
"versions": [
{
"status": "affected",
"version": "\u003cArcher C50(EU)_V4_ 240917"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "This vulnerability is reported is reported by Amey Chavekar, Khalid Markar \u0026 Dr. Faruk Kazi from CoE-CNDS Lab, VJTI, Mumbai"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This vulnerability exists in the TP-Link Archer C50 due to presence of terminal access on a serial interface without proper access control. An attacker with physical access could exploit this by accessing the UART shell on the vulnerable device. Successful exploitation of this vulnerability could allow the attacker to obtain Wi-Fi credentials of the targeted system."
}
],
"value": "This vulnerability exists in the TP-Link Archer C50 due to presence of terminal access on a serial interface without proper access control. An attacker with physical access could exploit this by accessing the UART shell on the vulnerable device. Successful exploitation of this vulnerability could allow the attacker to obtain Wi-Fi credentials of the targeted system."
}
],
"impacts": [
{
"capecId": "CAPEC-37",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-37 Retrieve Embedded Sensitive Data"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "PHYSICAL",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:P/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-312",
"description": "CWE-312: Cleartext Storage of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-05T12:19:24.519Z",
"orgId": "66834db9-ab24-42b4-be80-296b2e40335c",
"shortName": "CERT-In"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01\u0026VLCODE=CIVN-2024-0354"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Upgrade to Archer C50(EU)_V4_ 240917\u003cbr\u003e\u003cbr\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://static.tp-link.com/upload/firmware/2024/202411/20241125/Archer%20C50(EU)_V4_240917.zip\"\u003ehttps://static.tp-link.com/upload/firmware/2024/202411/20241125/Archer%20C50(EU)_V4_240917.zip\u003c/a\u003e \u003cbr\u003e"
}
],
"value": "Upgrade to Archer C50(EU)_V4_ 240917\n\n https://static.tp-link.com/upload/firmware/2024/202411/20241125/Archer%20C50(EU)_V4_240917.zip"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Exposure of Wi-Fi Credentials in Plaintext in TP-Link Archer C50",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "66834db9-ab24-42b4-be80-296b2e40335c",
"assignerShortName": "CERT-In",
"cveId": "CVE-2024-54127",
"datePublished": "2024-12-05T12:19:24.519Z",
"dateReserved": "2024-11-29T11:09:33.863Z",
"dateUpdated": "2024-12-05T15:55:53.552Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-54126 (GCVE-0-2024-54126)
Vulnerability from nvd – Published: 2024-12-05 12:14 – Updated: 2024-12-05 16:37
VLAI
Title
Insufficient Integrity Verification Vulnerability in TP-Link Archer C50
Summary
This vulnerability exists in the TP-Link Archer C50 due to improper signature verification mechanism in the firmware upgrade process at its web interface. An attacker with administrative privileges within the router’s Wi-Fi range could exploit this vulnerability by uploading and executing malicious firmware which could lead to complete compromise of the targeted device.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.cert-in.org.in/s2cMainServlet?pageid=… | third-party-advisory |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| TP-Link | Archer C50 Wireless Router |
Affected:
<Archer C50(EU)_V4_ 240917
|
|
| tp-link | archer_c50_firmware |
Affected:
c50\(eu\)_v4_240917
cpe:2.3:o:tp-link:archer_c50_firmware:c50\(eu\)_v4_240917:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:tp-link:archer_c50_firmware:c50\\(eu\\)_v4_240917:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "archer_c50_firmware",
"vendor": "tp-link",
"versions": [
{
"status": "affected",
"version": "c50\\(eu\\)_v4_240917"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-54126",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-05T15:56:14.433573Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-05T16:37:56.782Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Archer C50 Wireless Router",
"vendor": "TP-Link",
"versions": [
{
"status": "affected",
"version": "\u003cArcher C50(EU)_V4_ 240917"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "This vulnerability is reported is reported by Khalid Markar, Amey Chavekar, Sushant Mane \u0026 Dr. Faruk Kazi from CoE-CNDS Lab, VJTI, Mumbai"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This vulnerability exists in the TP-Link Archer C50 due to improper signature verification mechanism in the firmware upgrade process at its web interface. An attacker with administrative privileges within the router\u2019s Wi-Fi range could exploit this vulnerability by uploading and executing malicious firmware which could lead to complete compromise of the targeted device."
}
],
"value": "This vulnerability exists in the TP-Link Archer C50 due to improper signature verification mechanism in the firmware upgrade process at its web interface. An attacker with administrative privileges within the router\u2019s Wi-Fi range could exploit this vulnerability by uploading and executing malicious firmware which could lead to complete compromise of the targeted device."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-494",
"description": "CWE-494: Download of Code Without Integrity Check",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-347",
"description": "CWE-347: Improper Verification of Cryptographic Signature",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-05T12:14:41.814Z",
"orgId": "66834db9-ab24-42b4-be80-296b2e40335c",
"shortName": "CERT-In"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01\u0026VLCODE=CIVN-2024-0354"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Upgrade to Archer C50(EU)_V4_ 240917\u003cbr\u003e\u003cbr\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://static.tp-link.com/upload/firmware/2024/202411/20241125/Archer%20C50(EU)_V4_240917.zip\"\u003ehttps://static.tp-link.com/upload/firmware/2024/202411/20241125/Archer%20C50(EU)_V4_240917.zip\u003c/a\u003e \u003cbr\u003e"
}
],
"value": "Upgrade to Archer C50(EU)_V4_ 240917\n\n https://static.tp-link.com/upload/firmware/2024/202411/20241125/Archer%20C50(EU)_V4_240917.zip"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Insufficient Integrity Verification Vulnerability in TP-Link Archer C50",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "66834db9-ab24-42b4-be80-296b2e40335c",
"assignerShortName": "CERT-In",
"cveId": "CVE-2024-54126",
"datePublished": "2024-12-05T12:14:41.814Z",
"dateReserved": "2024-11-29T11:09:33.863Z",
"dateUpdated": "2024-12-05T16:37:56.782Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-54127 (GCVE-0-2024-54127)
Vulnerability from cvelistv5 – Published: 2024-12-05 12:19 – Updated: 2024-12-05 15:55
VLAI
Title
Exposure of Wi-Fi Credentials in Plaintext in TP-Link Archer C50
Summary
This vulnerability exists in the TP-Link Archer C50 due to presence of terminal access on a serial interface without proper access control. An attacker with physical access could exploit this by accessing the UART shell on the vulnerable device. Successful exploitation of this vulnerability could allow the attacker to obtain Wi-Fi credentials of the targeted system.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-312 - Cleartext Storage of Sensitive Information
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.cert-in.org.in/s2cMainServlet?pageid=… | third-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| TP-Link | Archer C50 Wireless Router |
Affected:
<Archer C50(EU)_V4_ 240917
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-54127",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-05T15:55:43.403297Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-05T15:55:53.552Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Archer C50 Wireless Router",
"vendor": "TP-Link",
"versions": [
{
"status": "affected",
"version": "\u003cArcher C50(EU)_V4_ 240917"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "This vulnerability is reported is reported by Amey Chavekar, Khalid Markar \u0026 Dr. Faruk Kazi from CoE-CNDS Lab, VJTI, Mumbai"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This vulnerability exists in the TP-Link Archer C50 due to presence of terminal access on a serial interface without proper access control. An attacker with physical access could exploit this by accessing the UART shell on the vulnerable device. Successful exploitation of this vulnerability could allow the attacker to obtain Wi-Fi credentials of the targeted system."
}
],
"value": "This vulnerability exists in the TP-Link Archer C50 due to presence of terminal access on a serial interface without proper access control. An attacker with physical access could exploit this by accessing the UART shell on the vulnerable device. Successful exploitation of this vulnerability could allow the attacker to obtain Wi-Fi credentials of the targeted system."
}
],
"impacts": [
{
"capecId": "CAPEC-37",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-37 Retrieve Embedded Sensitive Data"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "PHYSICAL",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:P/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-312",
"description": "CWE-312: Cleartext Storage of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-05T12:19:24.519Z",
"orgId": "66834db9-ab24-42b4-be80-296b2e40335c",
"shortName": "CERT-In"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01\u0026VLCODE=CIVN-2024-0354"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Upgrade to Archer C50(EU)_V4_ 240917\u003cbr\u003e\u003cbr\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://static.tp-link.com/upload/firmware/2024/202411/20241125/Archer%20C50(EU)_V4_240917.zip\"\u003ehttps://static.tp-link.com/upload/firmware/2024/202411/20241125/Archer%20C50(EU)_V4_240917.zip\u003c/a\u003e \u003cbr\u003e"
}
],
"value": "Upgrade to Archer C50(EU)_V4_ 240917\n\n https://static.tp-link.com/upload/firmware/2024/202411/20241125/Archer%20C50(EU)_V4_240917.zip"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Exposure of Wi-Fi Credentials in Plaintext in TP-Link Archer C50",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "66834db9-ab24-42b4-be80-296b2e40335c",
"assignerShortName": "CERT-In",
"cveId": "CVE-2024-54127",
"datePublished": "2024-12-05T12:19:24.519Z",
"dateReserved": "2024-11-29T11:09:33.863Z",
"dateUpdated": "2024-12-05T15:55:53.552Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-54126 (GCVE-0-2024-54126)
Vulnerability from cvelistv5 – Published: 2024-12-05 12:14 – Updated: 2024-12-05 16:37
VLAI
Title
Insufficient Integrity Verification Vulnerability in TP-Link Archer C50
Summary
This vulnerability exists in the TP-Link Archer C50 due to improper signature verification mechanism in the firmware upgrade process at its web interface. An attacker with administrative privileges within the router’s Wi-Fi range could exploit this vulnerability by uploading and executing malicious firmware which could lead to complete compromise of the targeted device.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.cert-in.org.in/s2cMainServlet?pageid=… | third-party-advisory |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| TP-Link | Archer C50 Wireless Router |
Affected:
<Archer C50(EU)_V4_ 240917
|
|
| tp-link | archer_c50_firmware |
Affected:
c50\(eu\)_v4_240917
cpe:2.3:o:tp-link:archer_c50_firmware:c50\(eu\)_v4_240917:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:tp-link:archer_c50_firmware:c50\\(eu\\)_v4_240917:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "archer_c50_firmware",
"vendor": "tp-link",
"versions": [
{
"status": "affected",
"version": "c50\\(eu\\)_v4_240917"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-54126",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-05T15:56:14.433573Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-05T16:37:56.782Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Archer C50 Wireless Router",
"vendor": "TP-Link",
"versions": [
{
"status": "affected",
"version": "\u003cArcher C50(EU)_V4_ 240917"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "This vulnerability is reported is reported by Khalid Markar, Amey Chavekar, Sushant Mane \u0026 Dr. Faruk Kazi from CoE-CNDS Lab, VJTI, Mumbai"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This vulnerability exists in the TP-Link Archer C50 due to improper signature verification mechanism in the firmware upgrade process at its web interface. An attacker with administrative privileges within the router\u2019s Wi-Fi range could exploit this vulnerability by uploading and executing malicious firmware which could lead to complete compromise of the targeted device."
}
],
"value": "This vulnerability exists in the TP-Link Archer C50 due to improper signature verification mechanism in the firmware upgrade process at its web interface. An attacker with administrative privileges within the router\u2019s Wi-Fi range could exploit this vulnerability by uploading and executing malicious firmware which could lead to complete compromise of the targeted device."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-494",
"description": "CWE-494: Download of Code Without Integrity Check",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-347",
"description": "CWE-347: Improper Verification of Cryptographic Signature",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-05T12:14:41.814Z",
"orgId": "66834db9-ab24-42b4-be80-296b2e40335c",
"shortName": "CERT-In"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01\u0026VLCODE=CIVN-2024-0354"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Upgrade to Archer C50(EU)_V4_ 240917\u003cbr\u003e\u003cbr\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://static.tp-link.com/upload/firmware/2024/202411/20241125/Archer%20C50(EU)_V4_240917.zip\"\u003ehttps://static.tp-link.com/upload/firmware/2024/202411/20241125/Archer%20C50(EU)_V4_240917.zip\u003c/a\u003e \u003cbr\u003e"
}
],
"value": "Upgrade to Archer C50(EU)_V4_ 240917\n\n https://static.tp-link.com/upload/firmware/2024/202411/20241125/Archer%20C50(EU)_V4_240917.zip"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Insufficient Integrity Verification Vulnerability in TP-Link Archer C50",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "66834db9-ab24-42b4-be80-296b2e40335c",
"assignerShortName": "CERT-In",
"cveId": "CVE-2024-54126",
"datePublished": "2024-12-05T12:14:41.814Z",
"dateReserved": "2024-11-29T11:09:33.863Z",
"dateUpdated": "2024-12-05T16:37:56.782Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}