VU#554637: TP-Link Archer C50 router is vulnerable to configuration-file decryption
The TP-Link Archer C50 router, now End-of-Life, has a critical firmware vulnerability. This flaw involves a hardcoded, static DES encryption key used in ECB mode for configuration files. Attackers can exploit this by decrypting sensitive data stored within these files. The encryption lacks randomness and message authentication, simplifying offline decryption. Successful exploitation grants access to administrative credentials and Wi-Fi passwords. It also exposes network settings like static IPs and DNS server details. This allows for network intelligence gathering, revealing internal structures and connected devices. The vulnerability is easy to exploit on default firmware and does not require the router to be active. The primary impact is full authorized access to router configurations, leading to network compromise. Currently, there is no known practical solution, and the device no longer receives security updates. Users are strongly advised to replace the Archer C50 with a supported router model.