In a bid to enhance user experience, Microsoft has reintroduced mouse gestures in its Edge Canary version, a feature previously present in legacy Edge before the transition to Chromium. […] Read More
BleepingComputer
Related Posts
TP-Link Archer C5400X Router Flaw Let Attacker Hack Devices Remotely
TP-Link Archer C5400X Router Flaw Let Attacker Hack Devices Remotely
Hackers often target routers as the gateways that connect devices and networks to the internet.
Besides this, they are lucrative targets for threat actors since they are often overlooked regarding security updates and patches.
Cybersecurity researchers at OneKey recently discovered that the TP-Link Archer C5400X router flaw enables attackers to hack devices remotely.
Technical Analysis
The zero-day identification by researchers feature uncovered multiple vulnerabilities across firmware, including:-
Command injection
Format string in shell
Buffer overflows
These findings, along with others from vendors like Cisco, were disclosed after rigorous testing and validation on researchers’ firmware corpus, ensuring meaningful analysis results.
ANYRUN malware sandbox’s 8th Birthday Special Offer: Grab 6 Months of Free Service
TP-Link Archer C5400X’s rftest file that tests the interface of a wireless system, has a network listener that can be attacked by anyone on TCP ports 8888-8890 without logging in.
Security analysts say this problem could give them higher authority than the device owner.
However, the TP-Link has submitted an actual exposure analysis since running and showing the binary is not always the same.
The root cause for command injection was reading user-controlled input from the TCP port 8888 socket.
The TP-Link router’s /etc/init.d/wireless script executes /sbin/wifi init on boot, which imports /lib/wifi/tplink_brcm.sh and triggers a function call tree culminating in /usr/sbin/rftest launch.
Attack chain (Soure – OneKey)
This rftest binary propagates user-controlled input from TCP port 8888 into popen() calls, enabling command injection if the input contains “wl” or starts with “nvram” and contains “get”.
The root cause of the vulnerability to this insecure data propagation within rftest has been identified by cybersecurity analysts.
C5400X TP-Link by rftest binary launches server TCP on port 8888 that accepts commands with prefix of “wl” or “nvram get.”
However, this can be overcome by omitting shell metacharacters like “;”, “&”, and “|” that lead to command injection.
The test revealed that remote code execution was successful through a connection to port 8888 and the injection of an identity command.
TP-Link has fixed this vulnerability in version 1_1.1.7, which users are encouraged to upgrade to via the router’s upgrade feature.
Free Webinar on Live API Attack Simulation: Book Your Seat | Start protecting your APIs from hackers
The post TP-Link Archer C5400X Router Flaw Let Attacker Hack Devices Remotely appeared first on Cyber Security News.
Progress warns of maximum severity WS_FTP Server vulnerability
Progress warns of maximum severity WS_FTP Server vulnerability
Progress, the maker of the MOVEit Transfer file-sharing platform recently exploited in widespread data theft attacks, warned customers to patch a maximum severity vulnerability in its WS_FTP Server software. […] Read More
BleepingComputer
Japanese police create fake support scam payment cards to warn victims
Japanese police create fake support scam payment cards to warn victims
Japanese police placed fake payment cards in convenience stores to protect the elderly targeted by tech support scams or unpaid money fraud. […] Read More
BleepingComputer