TP-Link fixes critical RCE bug in popular C5400X gaming router

The TP‑Link Archer C5400X contains a critical remote command injection and buffer overflow vulnerability in the 'rftest' network service (CVE-2024-5035, CVSS 10.0) reachable on TCP ports 8888–8890; an attacker can supply shell metacharacters to achieve elevated arbitrary command execution. TP‑Link released firmware v1.1.7 (Build 20240510) on May 24, 2024 to filter out shell metacharacters and remediate the issue; users should update vulnerable devices promptly.