CVSS4
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/SC:L/VI:H/SI:N/VA:H/SA:H
AI Score
Confidence
High
EPSS
Percentile
9.0%
The affected device expose a network service called “rftest” that is vulnerable to unauthenticated command injection on ports TCP/8888, TCP/8889, and TCP/8890. By successfully exploiting this flaw, remote unauthenticated attacker can gain arbitrary command execution on the device with elevated privileges.This issue affects Archer C4500X: through 1_1.1.6.
[
{
"defaultStatus": "unaffected",
"modules": [
"rftest"
],
"product": "Archer C4500X",
"vendor": "TP-Link",
"versions": [
{
"lessThanOrEqual": "1_1.1.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
]