CVE-2024-54127 MEDIUM

CVE-2024-54127: Exposure of Wi-Fi Credentials in Plaintext in TP-Link Archer C50

Vendor Tp-Link
Product Archer C50 Wireless Router
Weakness CWE-312 · Cleartext storage
Published December 5, 2024
Last update December 5, 2024

CVSS base score

4.3/10
Attack vector Physical
Attack complexity High
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:P/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N

What the vulnerability does

01Description

This vulnerability exists in the TP-Link Archer C50 due to presence of terminal access on a serial interface without proper access control. An attacker with physical access could exploit this by accessing the UART shell on the vulnerable device. Successful exploitation of this vulnerability could allow the attacker to obtain Wi-Fi credentials of the targeted system.

Key dates

02Disclosure timeline

December 5, 2024 CVE published
December 5, 2024 Record updated