Unauthenticated Command Injection Vulnerability Affects Archer C4500X
Summary
The affected device expose a network service called "rftest" that is vulnerable to unauthenticated command injection on ports TCP/8888, TCP/8889, and TCP/8890. By successfully exploiting this flaw, remote unauthenticated attacker can gain arbitrary command execution on the device with elevated privileges.This issue affects Archer C4500X: through 1_1.1.6.
Affected Version(s)
Archer C4500X <= 1_1.1.6
News Articles
TP-Link Gaming Router Vulnerability Exposes Users to Remote Code Attacks
A critical vulnerability (CVE-2024-5035) has been disclosed in the TP-Link Archer C5400X gaming router, allowing remote code execution.
5 months ago
TP-Link fixes critical RCE bug in popular C5400X gaming router
The TP-Link Archer C5400X gaming router is vulnerable to security flaws that could enable an unauthenticated, remote attacker to execute commands on the device.
5 months ago
Timeline
First article discovered by BleepingComputer
Vulnerability published.
Vulnerability Reserved.