A firmware vulnerability in TP-Link Archer C5 v4 routers (used in enterprise and home environments) could allow unauthorized, remote access to the device with administrative privileges.
The bug (CVE-2017-7405) affects models that run firmware version 3.16.0 0.9.1 v600c.0 Build 180124 Rel.28919n. First discovered by IBM X-Force Red’s Grzegorz Wypych, it could allow a remote attacker to spread laterally though a network, by first taking control of the router’s configuration via Telnet on the LAN and then connecting to a file transfer protocol (FTP) server elsewhere on the LAN.
