OS Command Injection Vulnerability in TP-Link Archer A10 Firmware
CVE-2023-38568
8.8 HIGH
Summary
The Archer A10 firmware contains an OS command injection vulnerability that allows a network-adjacent, unauthenticated attacker to execute arbitrary OS commands. The flaw affects versions prior to 'Archer A10(JP)_V2_230504' and could lead to unauthorized access to and control over affected devices, which is a serious security risk to users. Users should update their firmware promptly to remediate this vulnerability and keep their network secure.
Affected Version(s)
Archer A10 firmware versions prior to 'Archer A10(JP)_V2_230504'
CVSS V3.1
Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Adjacent Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged