CVE-2020-9375 in Archer C5

Summary

by MITRE

TP-Link Archer C50 V3 devices before Build 200318 Rel. 62209 allow remote attackers to cause a denial of service via a crafted HTTP Header containing an unexpected Referer field.

Analysis

by VulDB Data Team • 03/05/2026

The vulnerability identified as CVE-2020-9375 affects TP-Link Archer C50 V3 wireless routers running firmware builds prior to 200318 Rel. 62209. This issue represents a denial of service condition that can be triggered remotely through manipulation of HTTP headers, specifically targeting the Referer field. The affected device operates within the consumer and small office networking space, where these routers serve as critical network infrastructure components connecting end-user devices to the internet. The vulnerability stems from insufficient input validation within the web interface handling mechanism, where the device fails to properly sanitize or reject malformed HTTP headers that contain unexpected Referer values.

The technical flaw manifests in the router's HTTP server implementation, which processes incoming web requests without adequate validation of the Referer header field. When a specially crafted HTTP request containing an unexpected Referer value is sent to the device, the router's web server processes this malformed input without proper bounds checking or sanitization. This processing error causes the device to enter an unstable state where it may crash or become unresponsive, effectively rendering the router inoperable for network traffic. The vulnerability can be exploited by remote attackers who do not require authentication or physical access to the device, making it particularly concerning for widespread impact. The issue falls under the category of improper input validation as classified by CWE-20, which is a fundamental weakness in software design that allows malicious inputs to disrupt normal application behavior.

The operational impact of this vulnerability extends beyond simple service interruption as it affects the core functionality of network infrastructure. When a TP-Link Archer C50 V3 device becomes unresponsive due to this denial of service attack, all devices connected to that network lose internet connectivity and internal network access. This creates a cascading effect that can impact business operations, home users, and potentially larger network environments where multiple affected devices exist. The vulnerability's remote exploitability means that attackers can target these devices from anywhere on the internet, making it a significant risk for both individual users and enterprise environments that may have legacy devices in their network infrastructure. Network administrators may not immediately detect such attacks as the device simply becomes unresponsive rather than exhibiting clear error messages or logging abnormalities.

Mitigation strategies for CVE-2020-9375 primarily focus on firmware updates provided by TP-Link, which address the input validation flaw in the web server component. Organizations and users should immediately apply the firmware update released by TP-Link for the Archer C50 V3 model to remediate this vulnerability. Network segmentation can provide additional protection by isolating critical network segments from potentially compromised devices, though this does not address the root cause. Firewall rules can be implemented to restrict access to the router's web interface to trusted networks only, reducing the attack surface. Additionally, monitoring for unusual patterns in network traffic or device behavior can help detect potential exploitation attempts. The vulnerability demonstrates the importance of maintaining up-to-date firmware in network infrastructure devices, as outlined in cybersecurity best practices and frameworks such as those recommended by the NIST Cybersecurity Framework. From an ATT&CK perspective, this vulnerability relates to T1499.004 (Endpoint Denial of Service) and T1595.001 (Network Denial of Service), highlighting the need for network resilience and proper input validation in web server implementations.

Reservation: 02/24/2020

Moderation: accepted

CPE: ready

Exploit: Download

EPSS: 0.28044

KEV: no

Activities: very low
