чной Code Injection Vulnerability Affects TP-Link Routers

CVE-2023-39471

7.5HIGH

Key Information

Vendor: Tp-link
Status: Tl-wr841n
Vendor: CVE Published:; 3 May 2024

Summary

TP-Link TL-WR841N ated_tp Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link TL-WR841N routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ated_tp service. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21825.

Affected Version(s)

TL-WR841N = 4.19

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Risk change from: null to: 7.5 - (HIGH)
May 3, 2024
Vulnerability published.
May 3, 2024
Vulnerability Reserved.
Aug 2, 2023

Collectors

NVD DatabaseMitre Database