CVE-2024-54126

HIGH Year: 2024
Weakness Type
CWE-347
View all →

Vulnerability Description

This vulnerability exists in the TP-Link Archer C50 due to improper signature verification mechanism in the firmware upgrade process at its web interface. An attacker with administrative privileges within the router’s Wi-Fi range could exploit this vulnerability by uploading and executing malicious firmware which could lead to complete compromise of the targeted device.

Related Vulnerabilities

CVE-2020-2021

CRITICAL
CVSS:10.0(Critical)

When Security Assertion Markup Language (SAML) authentication is enabled and the 'Validate Identity Provider Certificate' option is disabled (unchecked), improper verification of signatures in PAN-OS ...

CWE-3472020

CVE-2023-25574

CRITICAL
CVSS:10.0(Critical)

`jupyterhub-ltiauthenticator` is a JupyterHub authenticator for learning tools interoperability (LTI). LTI13Authenticator that was introduced in `jupyterhub-ltiauthenticator` 1.3.0 wasn't validating J...

CWE-3472023

CVE-2024-32962

CRITICAL
CVSS:10.0(Critical)

xml-crypto is an xml digital signature and encryption library for Node.js. In affected versions the default configuration does not check authorization of the signer, it only checks the validity of the...

CWE-3472024

CVE-2022-26510

CRITICAL
CVSS:9.9(Critical)

A firmware update vulnerability exists in the iburn firmware checks functionality of InHand Networks InRouter302 V3.5.37. A specially-crafted HTTP request can lead to firmware update. An attacker can ...

CWE-3472022

CVE-2014-3585

CRITICAL
CVSS:9.8(Critical)

redhat-upgrade-tool: Does not check GPG signatures when upgrading versions

CWE-3472014

CVE-2016-20021

CRITICAL
CVSS:9.8(Critical)

In Gentoo Portage before 3.0.47, there is missing PGP validation of executed code: the standalone emerge-webrsync downloads a .gpgsig file but does not perform signature verification. Unless emerge-we...

CWE-3472016