{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-54127","assignerOrgId":"66834db9-ab24-42b4-be80-296b2e40335c","state":"PUBLISHED","assignerShortName":"CERT-In","dateReserved":"2024-11-29T11:09:33.863Z","datePublished":"2024-12-05T12:19:24.519Z","dateUpdated":"2024-12-05T15:55:53.552Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"Archer C50 Wireless Router","vendor":"TP-Link","versions":[{"status":"affected","version":"<Archer C50(EU)_V4_ 240917"}]}],"credits":[{"lang":"en","type":"finder","value":"This vulnerability is reported by Amey Chavekar, Khalid Markar & Dr. Faruk Kazi from CoE-CNDS Lab, VJTI, Mumbai"}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"This vulnerability exists in the TP-Link Archer C50 due to presence of terminal access on a serial interface without proper access control. An attacker with physical access could exploit this by accessing the UART shell on the vulnerable device. Successful exploitation of this vulnerability could allow the attacker to obtain Wi-Fi credentials of the targeted system."}],"value":"This vulnerability exists in the TP-Link Archer C50 due to presence of terminal access on a serial interface without proper access control. An attacker with physical access could exploit this by accessing the UART shell on the vulnerable device. 
Successful exploitation of this vulnerability could allow the attacker to obtain Wi-Fi credentials of the targeted system."}],"impacts":[{"capecId":"CAPEC-37","descriptions":[{"lang":"en","value":"CAPEC-37 Retrieve Embedded Sensitive Data"}]}],"metrics":[{"cvssV4_0":{"Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","Safety":"NOT_DEFINED","attackComplexity":"HIGH","attackRequirements":"NONE","attackVector":"PHYSICAL","baseScore":4.3,"baseSeverity":"MEDIUM","privilegesRequired":"NONE","providerUrgency":"NOT_DEFINED","subAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","userInteraction":"NONE","valueDensity":"NOT_DEFINED","vectorString":"CVSS:4.0/AV:P/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N","version":"4.0","vulnAvailabilityImpact":"LOW","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnerabilityResponseEffort":"NOT_DEFINED"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-312","description":"CWE-312: Cleartext Storage of Sensitive Information","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"66834db9-ab24-42b4-be80-296b2e40335c","shortName":"CERT-In","dateUpdated":"2024-12-05T12:19:24.519Z"},"references":[{"tags":["third-party-advisory"],"url":"https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0354"}],"solutions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Upgrade to Archer C50(EU)_V4_ 240917<br><br><a target=\"_blank\" rel=\"nofollow\" href=\"https://static.tp-link.com/upload/firmware/2024/202411/20241125/Archer%20C50(EU)_V4_240917.zip\">https://static.tp-link.com/upload/firmware/2024/202411/20241125/Archer%20C50(EU)_V4_240917.zip</a> <br>"}],"value":"Upgrade to Archer C50(EU)_V4_ 240917\n\n https://static.tp-link.com/upload/firmware/2024/202411/20241125/Archer%20C50(EU)_V4_240917.zip"}],"source":{"discovery":"UNKNOWN"},"title":"Exposure of Wi-Fi Credentials in 
Plaintext in TP-Link Archer C50","x_generator":{"engine":"Vulnogram 0.2.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-12-05T15:55:43.403297Z","id":"CVE-2024-54127","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-12-05T15:55:53.552Z"}}]}}