This vulnerability exists in the TP-Link Archer C50 due to presence of terminal access on a serial interface without proper access control. An attacker with physical access could exploit this by accessing the UART shell on the vulnerable device. Successful exploitation of this vulnerability could allow the attacker to obtain Wi-Fi credentials of the targeted system.
History

Thu, 05 Dec 2024 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 05 Dec 2024 12:45:00 +0000

Type Values Removed Values Added
Description This vulnerability exists in the TP-Link Archer C50 due to presence of terminal access on a serial interface without proper access control. An attacker with physical access could exploit this by accessing the UART shell on the vulnerable device. Successful exploitation of this vulnerability could allow the attacker to obtain Wi-Fi credentials of the targeted system.
Title Exposure of Wi-Fi Credentials in Plaintext in TP-Link Archer C50
Weaknesses CWE-312
References
Metrics cvssV4_0

{'score': 4.3, 'vector': 'CVSS:4.0/AV:P/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: CERT-In

Published: 2024-12-05T12:19:24.519Z

Updated: 2024-12-05T15:55:53.552Z

Reserved: 2024-11-29T11:09:33.863Z

Link: CVE-2024-54127

cve-icon Vulnrichment

Updated: 2024-12-05T15:55:49.053Z

cve-icon NVD

Status : Received

Published: 2024-12-05T13:15:09.440

Modified: 2024-12-05T13:15:09.440

Link: CVE-2024-54127

cve-icon Redhat

No data.