TP-Link C5400X Gaming Router Exposed to High-Risk Vulnerability: Upgrade Firmware Immediately

European cybersecurity firm OneKey has disclosed a high-risk security vulnerability in the TP-Link Archer C5400X gaming router. The flaw allows hackers to remotely execute arbitrary commands, giving them control over the entire router and allowing them to monitor user network traffic.

The vulnerability was discovered in February and reported to TP-Link's European company. After testing, TP-Link released a patched firmware on April 10, which was confirmed to have fixed the issue by OneKey on April 17.

After patching the vulnerability, TP-Link rolled out a firmware update (version 1_1.1.7) to affected C5400X routers. Forty days later, OneKey and TP-Link jointly disclosed the full details of the vulnerability.

The Vulnerability in Detail:
The security issue revolves around the rftest binary file used for radio frequency testing, which was found to be exposing network listeners on TCP ports 8888, 8889, and 8890. This exposure led to command injection and buffer overflow vulnerabilities, essentially allowing unauthenticated users to execute arbitrary commands on the router as administrators.

Such vulnerabilities mean that the router could be considered compromised, as attackers could manipulate it to perform various malicious activities. These activities could include altering DNS settings to redirect users to malicious sites or eavesdropping on network traffic.

OneKey's analysis also highlighted a lack of rigorous security checks by TP-Link, with client-side router configurations being accessible via an exposed shell. This insecure programming practice could potentially allow remote exploitation of the shell.

Firmware Upgrade for C5400X Routers:
Users of the C5400X router are advised to access the router's management interface and check for the latest firmware updates, specifically the 1_1.1.7 version that addresses this vulnerability. Regular firmware checks and updates are recommended for all router brands, with an emphasis on enabling automatic updates to enhance security.

While automatic firmware updates occasionally lead to issues—such as the incident where an incorrect update from Asus led to a global outage of its routers—the benefits of maintaining security through regular updates outweigh the potential drawbacks.

It's important to note that the C5400X router is not marketed towards customers in China, or the version sold in China might be different.