CVE-2024-21773

8.8HIGH

Key Information

Vendor: TP-Link
Status: Archer AX3000; Archer AX5400; Deco X50; Deco XE200
Vendor: CVE Published:; 11 January 2024

Summary

Multiple TP-LINK products allow a network-adjacent unauthenticated attacker with access to the product from the LAN port or Wi-Fi to execute arbitrary OS commands on the product that has pre-specified target devices and blocked URLs in parental control settings.

Affected Version(s)

Archer AX3000 = firmware versions prior to "Archer AX3000(JP)_V1_1.1.2 Build 20231115"

Archer AX5400 = firmware versions prior to "Archer AX5400(JP)_V1_1.1.2 Build 20231115"

Deco X50 = firmware versions prior to "Deco X50(JP)_V1_1.4.1 Build 20231122"

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published.
Jan 11, 2024
Vulnerability Reserved.
Jan 4, 2024

Collectors

NVD DatabaseMitre Database