4 matches found
CVE-2024-5035
The affected device expose a network service called "rftest" that is vulnerable to unauthenticated command injection on ports TCP/8888, TCP/8889, and TCP/8890. By successfully exploiting this flaw, remote unauthenticated attacker can gain arbitrary command execution on the device with elevated...
CVE-2024-5035
CVE-2024-5035 affects TP-Link Archer C4500X (firmware up to 1_1.1.6). The rftest binary launches a network listener on TCP ports 8888, 8889, and 8890, exposing a route for unauthenticated command injection that leads to arbitrary command execution with elevated privileges. The flaw’s root cause i...
CVE-2024-5035 TP-Link Archer C5400X - RFTest Unauthenticated Command Injection
The affected device expose a network service called "rftest" that is vulnerable to unauthenticated command injection on ports TCP/8888, TCP/8889, and TCP/8890. By successfully exploiting this flaw, remote unauthenticated attacker can gain arbitrary command execution on the device with elevated...
TP-LINK Archer C4500X 安全漏洞
The TP-LINK Archer C4500X is a wireless router from China P&L TP-LINK. A security vulnerability exists in the TP-LINK Archer C4500X that stems from the rftest web service being vulnerable to unauthenticated command injection on ports TCP/8888, TCP/8889, and TCP/8890, which can be exploited by a...