TP-Link Archer AXE75 Vulnerability Allows Remote Command Execution
A critical vulnerability has been discovered in the TP-Link Archer AXE75 router. The flaw, tracked as CVE-2024-53375, allows remote attackers to execute arbitrary commands on affected devices due to improper input validation in the router’s HomeShield functionality. Security researcher Thanatos confirmed the exploit on firmware version 1.2.2 Build 20240827, demonstrating that an attacker can manipulate specific parameters to gain root access. TP-Link has acknowledged the issue and provided a beta firmware fix, but a stable update is still pending. Users are advised to secure their devices by applying the beta update, disabling unnecessary services, and enforcing strong passwords to mitigate risks. Detailed insights into the vulnerability and exploitation techniques are available on Thanatos’ blog.