CVE-2024-54126

HIGH

TP-Link Archer C50 - RCE

Title source: llm

Description

This vulnerability exists in the TP-Link Archer C50 due to improper signature verification mechanism in the firmware upgrade process at its web interface. An attacker with administrative privileges within the router’s Wi-Fi range could exploit this vulnerability by uploading and executing malicious firmware which could lead to complete compromise of the targeted device.

References (1)

[Various Sources] https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0354

Scores

CVSS v4 8.5

EPSS 0.0003

EPSS Percentile 8.3%

CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-347 CWE-494

Status published

Products (1)

TP-Link/Archer C50 Wireless Router <Archer C50(EU)_V4_ 240917

Published Dec 05, 2024

Tracked Since Feb 18, 2026