Attention all TP-Link Archer C5400X 3-band router users, especially gamers: It has come to our attention that there is a critical security vulnerability in these routers that needs immediate attention. Security researchers have identified a severe vulnerability, known as CVE-2024-5035, with the highest severity level (10) on the Common Vulnerability Scoring System (CVSS). This vulnerability allows remote hackers to take full control of the device.
The vulnerability lies in a network service called “rftest” exposed on TCP ports 8888, 8889, and 8890. Exploiting this service allows unauthenticated attackers to execute malicious commands and gain full remote code execution privileges on the affected device.
The company ONEKEY (Germany) that discovered this vulnerability stated that remote unauthenticated attackers can execute arbitrary commands on the device with enhanced privileges. This poses a serious threat to gamers and anyone using these routers. In the wrong hands, a skilled hacker could inject malware or compromise the router to launch further attacks on the victim’s network.
While the “rftest” service only allows wireless configuration commands, researchers found that these restrictions can be easily bypassed, allowing bad actors to execute almost any code they desire on the compromised router.
It is speculated that TP-Link may have hastily released this “rftest” API without proper security measures, leading to this remote code execution vulnerability. The affected firmware versions include all Archer C5400X models up to 1.1.1.6. TP-Link has released firmware 1.1.1.7 to patch this security flaw.
If you own one of these routers, it is crucial to log in to the router admin page and check for updates immediately. Alternatively, you can download and install firmware 1.1.1.7 manually from TP-Link’s support page to protect your device from this serious security vulnerability.