TP-Link Gaming Router Vulnerability Exposes Users to Remote Code Attacks

A maximum-severity RCE vulnerability (CVE-2024-5035, CVSS 10.0) was disclosed in the TP-Link Archer C5400X router. The flaw stems from an rftest binary that exposes a network listener on TCP ports 8888, 8889, and 8890 and can be exploited by injecting commands via shell metacharacters (e.g., "wl;id;"). TP-Link released a patch in firmware 1_1.1.7 (Build 20240510) that rejects commands containing special characters; the report also highlights similar unpatched issues in other legacy networking products.