TP-Link AX1800 hotplugd Firewall Rule Race Condition Vulnerability
CVE-2023-27359

9.8CRITICAL

Key Information:

Vendor
Tp-link
Status
Ax1800
Vendor
CVE Published:
3 May 2024

What is CVE-2023-27359?

CVE-2023-27359 is a vulnerability found in the TP-Link AX1800 series of routers, particularly affecting the Archer AX21 model. This product is designed to provide high-speed wireless internet connectivity and security features for home and small office networks. The vulnerability allows remote attackers to exploit the router’s firewall management process, potentially enabling them to access services typically restricted to the local area network (LAN) without requiring authentication. This could lead to unauthorized manipulation or interception of network traffic, severely impacting the overall security posture of an organization.

Technical Details

The vulnerability resides within the hotplugd daemon of TP-Link routers, specifically related to its handling of firewall rules. The underlying flaw is a race condition that occurs during the management of firewall rules, allowing an attacker to bypass intended security measures. Attackers can exploit this condition to access LAN-only resources and may utilize it in coordination with other vulnerabilities. If successfully exploited, it can lead to arbitrary code execution with root privileges, giving malicious actors extensive control over affected devices.

Potential Impact of CVE-2023-27359

  1. Unauthorized Access to LAN Resources: The vulnerability can enable attackers to access sensitive resources and services normally restricted to the internal network, posing a significant threat to data confidentiality and integrity.

  2. Arbitrary Code Execution: If exploited, this vulnerability allows attackers to execute arbitrary code with root privileges, which can facilitate further attacks, including the installation of malware or manipulation of network configurations.

  3. Risk of Network Compromise: Given that the vulnerability can be exploited without authentication, compromised routers may serve as a gateway for broader network attacks, allowing adversaries to pivot to other devices within the same network and potentially leading to larger-scale breaches.

Affected Version(s)

AX1800 AX21(US)_V3_1.1.1 Build 20220603

References

https://www.zerodayinitiative.com/advisories/ZDI-23-452/
x_research-advisory

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.