TP-Link Vulnerable to OS Command Injection Through 2024.03.28

CVE-2023-6437

9.8CRITICAL

Key Information

Vendor: Tp-link
Status: Tp-link Ex20v Ax1800, Tp-link Archer C5v Ac1200, Tp-link Td-w9970, Tp-link Td-w9970v3, Tp-link Vx220-g2u, Tp-link Vn020-g2u
Vendor: CVE Published:; 28 March 2024

Summary

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in TP-Link TP-Link EX20v AX1800, Tp-Link Archer C5v AC1200, Tp-Link TD-W9970, Tp-Link TD-W9970v3, TP-Link VX220-G2u, TP-Link VN020-G2u allows authenticated OS Command Injection.This issue affects TP-Link EX20v AX1800, Tp-Link Archer C5v AC1200, Tp-Link TD-W9970, Tp-Link TD-W9970v3 : through 20240328. Also the vulnerability continues in the TP-Link VX220-G2u and TP-Link VN020-G2u models due to the products not being produced and supported.

Affected Version(s)

TP-Link EX20v AX1800, Tp-Link Archer C5v AC1200, Tp-Link TD-W9970, Tp-Link TD-W9970v3, TP-Link VX220-G2u, TP-Link VN020-G2u <= 20240328

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published.
Mar 28, 2024
Vulnerability Reserved.
Nov 30, 2023

Collectors

NVD DatabaseMitre Database

Credit

Muhammet Gedik