Unauthenticated Command Injection Vulnerability Affects Archer C4500X
CVE-2024-5035

Currently unrated

Key Information:

Vendor
Tp-link
Status
Archer C4500x
Vendor
CVE Published:
27 May 2024

Badges

📰 News Worthy

Summary

The affected device expose a network service called "rftest" that is vulnerable to unauthenticated command injection on ports TCP/8888, TCP/8889, and TCP/8890. By successfully exploiting this flaw, remote unauthenticated attacker can gain arbitrary command execution on the device with elevated privileges.This issue affects Archer C4500X: through 1_1.1.6.

Affected Version(s)

Archer C4500X 0 <= 1_1.1.6

News Articles

favicon imageThe Hacker News

TP-Link Gaming Router Vulnerability Exposes Users to Remote Code Attacks

A critical vulnerability (CVE-2024-5035) has been disclosed in the TP-Link Archer C5400X gaming router, allowing remote code execution.

8 months ago

favicon imageBleepingComputer

TP-Link fixes critical RCE bug in popular C5400X gaming router

The TP-Link Archer C5400X gaming router is vulnerable to security flaws that could enable an unauthenticated, remote attacker to execute commands on the device.

8 months ago

References

https://onekey.com/blog/security-advisory-remote-command-...
third-party-advisory
https://www.tp-link.com/en/support/download/archer-c5400x...
vendor-advisoryrelease-notes

Timeline

  • 📰

    First article discovered by BleepingComputer

  • Vulnerability published

  • Vulnerability Reserved

Credit

Quentin Kaiser from ONEKEY Research Labs
.