OS Command Execution Vulnerability in TP-Link Archer C5 and C7 Routers
CVE-2023-39224

8 HIGH

Key Information:

Vendor: TP-Link
CVE Published: 6 September 2023

Summary

Archer C5 firmware and earlier versions of Archer C7 firmware contain a vulnerability that permits a network-adjacent authenticated attacker to execute arbitrary operating system commands. The Archer C5 is no longer supported, so users of this device will not receive an update to mitigate this vulnerability. Users should take immediate action to secure their network against exploitation of this weakness.

Affected Version(s)

Archer C5 firmware all versions

Archer C7 firmware versions prior to 'Archer C7(JP)_V2_230602'

CVSS V3.1

Score: 8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Adjacent Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
