Unauthenticated Command Injection Vulnerability Affects Archer C4500X
CVE-2024-5035

Currently unrated

Key Information:

Vendor

Tp-link
Status
Archer C4500x
Vendor
CVE Published:
27 May 2024

Badges

đź“° News Worthy

What is CVE-2024-5035?

The affected device expose a network service called "rftest" that is vulnerable to unauthenticated command injection on ports TCP/8888, TCP/8889, and TCP/8890. By successfully exploiting this flaw, remote unauthenticated attacker can gain arbitrary command execution on the device with elevated privileges.This issue affects Archer C4500X: through 1_1.1.6.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Archer C4500X 0 <= 1_1.1.6

News Articles

favicon imageThe Hacker News

TP-Link Gaming Router Vulnerability Exposes Users to Remote Code Attacks

A critical vulnerability (CVE-2024-5035) has been disclosed in the TP-Link Archer C5400X gaming router, allowing remote code execution.

favicon imageBleepingComputer

TP-Link fixes critical RCE bug in popular C5400X gaming router

The TP-Link Archer C5400X gaming router is vulnerable to security flaws that could enable an unauthenticated, remote attacker to execute commands on the device.

References

https://onekey.com/blog/security-advisory-remote-command-...
third-party-advisory
https://www.tp-link.com/en/support/download/archer-c5400x...
vendor-advisoryrelease-notes

EPSS Score

5% chance of being exploited in the next 30 days.

Timeline

  • đź“°

    First article discovered by BleepingComputer

  • Vulnerability published

  • Vulnerability Reserved

Credit

Quentin Kaiser from ONEKEY Research Labs
JSON
.