CVE-2024-54127: Exposure of Wi-Fi Credentials in Plaintext in TP-Link Archer C50

4.3 CVSS

Description

This vulnerability exists in the TP-Link Archer C50 due to presence of terminal access on a serial interface without proper access control. An attacker with physical access could exploit this by accessing the UART shell on the vulnerable device. Successful exploitation of this vulnerability could allow the attacker to obtain Wi-Fi credentials of the targeted system.

Classification

CVE ID: CVE-2024-54127

CVSS Base Severity: MEDIUM

CVSS Base Score: 4.3

Affected Products

Vendor: TP-Link

Product: Archer C50 Wireless Router

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 11.44% (scored less or equal to compared to others)

EPSS Date: 2025-02-03 (when was this score calculated)

References

https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0354

Timeline

2024-12-06 00:32:16 UTC
CVE

Exposure of Wi-Fi Credentials in Plaintext in TP-Link Archer C50