CVE-2024-5035
Published: 27 May 2024
Summary
CVE-2024-5035 is a high-severity Command Injection (CWE-77) vulnerability in Onekey (inferred from references). Its CVSS base score is 8.8 (High).
Operationally, ranked in the top 7.8% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
Deeper analysis
The vulnerability is an unauthenticated command injection flaw in the "rftest" network service exposed on ports TCP/8888, TCP/8889, and TCP/8890 of the TP-Link Archer C4500X router. The issue, tracked as CVE-2024-5035 and assigned CWE-77, affects all firmware versions through 1_1.1.6 and carries a CVSS 4.0 score of 8.8.
A remote attacker on the adjacent network can connect to any of the three ports and inject operating-system commands without authentication or user interaction, resulting in arbitrary command execution with elevated privileges on the device.
The referenced TP-Link advisory and firmware page for the Archer C5400X indicate that updated firmware should be applied to address the exposure, while the OneKey disclosure provides technical details on the affected service and ports. The associated EPSS score has remained flat at 0.0786 with no material increase observed since disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-46302
Vulnerability details
The affected device expose a network service called "rftest" that is vulnerable to unauthenticated command injection on ports TCP/8888, TCP/8889, and TCP/8890. By successfully exploiting this flaw, remote unauthenticated attacker can gain arbitrary command execution on the device with elevated…
more
privileges.This issue affects Archer C4500X: through 1_1.1.6.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.