Command Injection Vulnerability in TP-LINK Networking Products
CVE-2024-21821

8HIGH

Key Information:

Vendor: TP-Link
Status: Archer AX3000; Archer AX5400; Archer AXE75
Vendor: CVE Published:; 11 January 2024

Summary

Several TP-LINK products are susceptible to a vulnerability that allows authenticated attackers on the same local network to execute arbitrary operating system commands. This flaw can be exploited through access via either the LAN port or Wi-Fi, potentially compromising the security and integrity of the affected networking devices. It is crucial for users to be aware of this issue and take appropriate measures to secure their devices against unauthorized access.

Affected Version(s)

Archer AX3000 firmware versions prior to "Archer AX3000(JP)_V1_1.1.2 Build 20231115"

Archer AX5400 firmware versions prior to "Archer AX5400(JP)_V1_1.1.2 Build 20231115"

Archer AXE75 firmware versions prior to "Archer AXE75(JP)_V1_231115"

References

https://www.tp-link.com/jp/support/download/archer-ax3000...

https://www.tp-link.com/jp/support/download/archer-ax5400...

https://www.tp-link.com/jp/support/download/archer-axe75/...

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 11, 2024
Vulnerability Reserved
Jan 4, 2024