#1 Trusted Cybersecurity News Platform
Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
Cybersecurity

TP-LINK | Breaking Cybersecurity News | The Hacker News

Category — TP-LINK
TP-Link Gaming Router Vulnerability Exposes Users to Remote Code Attacks

TP-Link Gaming Router Vulnerability Exposes Users to Remote Code Attacks

May 28, 2024 Vulnerability / Network Security
A maximum-severity security flaw has been disclosed in the  TP-Link Archer C5400X gaming router  that could lead to remote code execution on susceptible devices by sending specially crafted requests. The vulnerability, tracked as  CVE-2024-5035 , carries a CVSS score of 10.0. It impacts all versions of the router firmware including and prior to 1_1.1.6. It has been patched in  version 1_1.1.7  released on May 24, 2024. "By successfully exploiting this flaw, remote unauthenticated attackers can gain arbitrary command execution on the device with elevated privileges," German cybersecurity firm ONEKEY  said  in a report published Monday. The issue is rooted in a binary related to radio frequency testing "rftest" that's launched on startup and exposes a network listener on TCP ports 8888, 8889, and 8890, thus allowing a remote unauthenticated attacker to achieve code execution. While the network service is designed to only accept commands that start with "
Critical Security Vulnerabilities Discovered in Netcomm and TP-Link Routers

Critical Security Vulnerabilities Discovered in Netcomm and TP-Link Routers

Jan 18, 2023 Network Security
Security vulnerabilities have been disclosed in Netcomm and TP-Link routers, some of which could be weaponized to achieve remote code execution. The flaws, tracked as  CVE-2022-4873  and  CVE-2022-4874 , concern a case of stack-based buffer overflow and authentication bypass and impact Netcomm router models NF20MESH, NF20, and NL1902 running firmware versions earlier than R6B035 . "The two vulnerabilities, when chained together, permit a remote, unauthenticated attacker to execute arbitrary code," the CERT Coordination Center (CERT/CC)  said  in an advisory published Tuesday. "The attacker can first gain unauthorized access to affected devices, and then use those entry points to gain access to other networks or compromise the availability, integrity, or confidentiality of data being transmitted from the internal network." Security researcher  Brendan Scarvell  has been credited with discovering and reporting the issues in October 2022. In a related developme
How to Investigate ChatGPT activity in Google Workspace

How to Investigate ChatGPT activity in Google Workspace

Sep 17, 2024GenAI Security / SaaS Security
When you connect your organization's Google Drive account to ChatGPT, you grant ChatGPT extensive permissions for not only your personal files, but resources across your entire shared drive. As you might imagine, this introduces an array of cybersecurity challenges. This post outlines how to see ChatGPT activity natively in the Google Workspace admin console, and how Nudge Security can provide full visibility into all genAI integrations. Since launching ChatGPT in 2022, OpenAI has defied expectations with a steady stream of product announcements and enhancements. One such announcement came on May 16, 2024, and for most consumers, it probably felt innocuous. Titled  "Improvements to data analysis in ChatGPT," the post outlines how users can add files directly from Google Drive and Microsoft OneDrive. It's worth mentioning that other genAI tools like Google AI Studio and Claude Enterprise have also added similar capabilities recently. Pretty great, right? Maybe.‍ When you connec
Expert Insights / Articles Videos
Cybersecurity Resources