Statement on LAN Command Execution on Archer C5400X(CVE-2024-5035)

Security Advisory
Updated 05-31-2024 06:51:17 AM 14739
This Article Applies to: 

TP-Link has noted the reports about CVE-2024-5035. We have prioritized addressing this issue and fixed the source code weakness before its public disclosure.

After a thorough internal source code analysis (including an in-depth review of the function call path), we have determined that CVE-2024-5035 is more of a source code weakness than an available LAN vulnerability with a specific killchain. As such, CVE-2024-5035 disclosure does not increase information security risks in daily use.

TP-Link takes security vulnerabilities very seriously and actively deals with them upon receipt of notification. We have released firmware Archer C5400X_V1_1.1.7 Build 20240510 on the official website and pushed the firmware to customers' devices before CVE-2024-5035 is disclosed publicly. Archer C5400X will automatically receive update notifications in the web administration interface, Tether application.

TP-Link strongly recommends that you download and update to the latest firmware for the product model as soon as possible.

Disclaimer

The vulnerability will remain if you do not take all recommended actions. TP-Link cannot bear any responsibility for consequences that could have been avoided by following the recommendations in this statement.

Is this faq useful?

Your feedback helps improve this site.

Community

TP-Link Community

Still need help? Search for answers, ask questions, and get help from TP-Link experts and other users around the world.

Visit the Community >

From United States?

Get products, events and services for your region.