VYPR
Unrated severity · NVD Advisory · Published Mar 25, 2020 · Updated Mar 5, 2026

CVE-2020-9375

Description

A crafted HTTP Referer header causes denial of service on TP-Link Archer C50 V3 routers via the web interface.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

TP-Link Archer C50 V3 devices running firmware prior to Build 200318 Rel. 62209 are vulnerable to a denial of service through the web interface. Sending an HTTP request with a malformed Referer header triggers a crash of the HTTP service on port 80 [1][2]. The affected firmware version is Build 171227 and below [2].

Exploitation

An attacker on the same network (Wi-Fi or LAN) can exploit this vulnerability by sending a crafted HTTP GET request with an unexpected or incorrectly formatted Referer header to the router's web interface on port 80. The attack requires no authentication, as the malicious request can be sent to the login page or any accessible HTTP endpoint. Using tools like curl with a custom header file, the attacker sends a request that causes the web server to crash and close the port [2].

Impact

Successful exploitation results in a denial of service (DoS) of the router's web management interface. The HTTP service on port 80 becomes unresponsive, preventing administrators from accessing the router's configuration panel until the device is manually rebooted. No other router functions are reportedly affected, but the inability to manage the device can disrupt network administration [1][2].

Mitigation

TP-Link has released a patched firmware build (200218) that addresses this vulnerability. The fixed firmware is available for download from TP-Link's support page [3]. Users should update their Archer C50 V3 to the latest firmware version to mitigate the issue. If immediate patching is not possible, limiting physical and network access to the router's web interface can reduce exposure [1][2][3].

AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2

Patches

0

No patches discovered yet.

Vulnerability mechanics

No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.

References

4
