CVE-2024-5035

Name of the Vulnerable Software and Affected Versions: TP-Link Archer C5400X versions prior to 1.1.7 TP-Link Archer C4500X versions through 1 1.1.6

Description: The issue is related to a network service called "rftest" that is vulnerable to unauthenticated command injection on ports TCP/8888, TCP/8889, and TCP/8890. This allows a remote unauthenticated attacker to gain arbitrary command execution on the device with elevated privileges. The problem is associated with the rftest binary file, which opens a network listener on TCP ports.

Recommendations: For TP-Link Archer C5400X versions prior to 1.1.7, update to version 1.1.7 or later, which fixes the vulnerability by preventing the execution of commands with shell symbols. For TP-Link Archer C4500X versions through 1 1.1.6, consider disabling the "rftest" service as a temporary workaround until a patch is available. Restrict access to the vulnerable TCP ports (8888, 8889, and 8890) to minimize the risk of exploitation.