CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-5035 – TP-Link Archer C5400X - RFTest Unauthenticated Command Injection
https://notcve.org/view.php?id=CVE-2024-5035
27 May 2024 — The affected device expose a network service called "rftest" that is vulnerable to unauthenticated command injection on ports TCP/8888, TCP/8889, and TCP/8890. By successfully exploiting this flaw, remote unauthenticated attacker can gain arbitrary command execution on the device with elevated privileges.This issue affects Archer C4500X: through 1_1.1.6. El dispositivo afectado expone un servicio de red llamado "rftest" que es vulnerable a la inyección de comandos no autenticados en los puertos TCP/8888, TC... • https://onekey.com/blog/security-advisory-remote-command-execution-on-tp-link-archer-c5400x • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •