CVE-2024-5035
CVSS V2 None
CVSS V3 None
Description
The affected device expose a network service called "rftest" that is vulnerable to unauthenticated command injection on ports TCP/8888, TCP/8889, and TCP/8890. By successfully exploiting this flaw, remote unauthenticated attacker can gain arbitrary command execution on the device with elevated privileges.This issue affects Archer C4500X: through 1_1.1.6.
Overview
- CVE ID
- CVE-2024-5035
- Assigner
- ONEKEY
- Vulnerability Status
- PUBLISHED
- Published Version
- 2024-05-27T07:22:59.959Z
- Last Modified Date
- 2024-06-04T18:01:50.159Z
Weakness Enumerations
References
| Reference URL | Reference Tags |
|---|---|
| https://onekey.com/blog/security-advisory-remote-command-execution-on-tp-link-archer-c5400x/ | third-party-advisory |
| https://www.tp-link.com/en/support/download/archer-c5400x/#Firmware | vendor-advisory release-notes |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2024-5035 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5035 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2024-06-26 03:34:16 | Added to TrackCVE |