чной Code Injection Vulnerability Affects TP-Link Routers
CVE-2023-39471

7.5HIGH

Key Information:

Vendor: Tp-link
Status: Tl-wr841n
Vendor: CVE Published:; 3 May 2024

Summary

The TP-Link TL-WR841N router is vulnerable to a command injection issue within the ated_tp service, which permits network-adjacent attackers to execute arbitrary code on affected installations. The vulnerability stems from insufficient validation of user input before it is utilized in system calls. Notably, exploitation of this flaw does not require authentication, potentially allowing unauthorized users to run arbitrary code with root privileges. This significantly compromises the integrity and security of the affected devices.

Affected Version(s)

TL-WR841N 4.19

References

https://www.zerodayinitiative.com/advisories/ZDI-23-1624/

x_research-advisory

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 3, 2024
Vulnerability Reserved
Aug 2, 2023