CVE-2024-21833
Key Information
- Vendor
- TP-Link
- Status
- Archer AX3000
- Archer AX5400
- Archer AXE75
- Deco X50
- Vendor
- CVE Published:
- 11 January 2024
Badges
Summary
A critical vulnerability, identified as CVE-2024-21833, has been discovered in multiple TP-LINK products, allowing attackers to execute arbitrary OS commands without authentication. This flaw affects various router models, potentially enabling malicious actors to disrupt services, steal sensitive information, or enlist devices into botnets. There is evidence of active exploitation of this vulnerability, with discussions of potential sharing of exploit tools in underground forums. It is crucial for users to update their firmware to address the security concerns and consider implementing network segmentation and firewall rules to restrict access to vulnerable devices.
Affected Version(s)
Archer AX3000 = firmware versions prior to "Archer AX3000(JP)_V1_1.1.2 Build 20231115"
Archer AX5400 = firmware versions prior to "Archer AX5400(JP)_V1_1.1.2 Build 20231115"
Archer AXE75 = firmware versions prior to "Archer AXE75(JP)_V1_231115"
News Articles
CYFIRMA Research - Comprehensive Analysis of CVE-2024-21833 Vulnerability in TP-Link Routers : Threat Landscape, Exploitation Risks, and Mitigation Strategies
Listen to CYFIRMA Research - Comprehensive Analysis Of CVE-2024-21833 Vulnerability In TP-Link Routers : Threat Landscape, Exploitation Risks, And Mitigation Strategies and eighty-one more episodes by CYFIRMA Research, free! No signup or install needed. CYFIRMA Research - Comprehensive Analysis of C...
9 months ago
Cyber Threat Intelligence Reports | Risk Research | Out of Band
Cyber Threat Intelligence Reports and the latest research on Cybersecurity risks applicable to an organization, its industry, and geography.
9 months ago
Millions of Routers at Risk: CVE-2024-21833 Threatens TP-Link Devices
There is no publicly available PoC exploit for CVE-2024-21833. Evidence from underground forums indicates active exploitation of this flaw
9 months ago
CVSS V3.1
Timeline
Vulnerability started trending.
- 👾
Exploit exists.
First article discovered by Penetration Testing
Vulnerability published.
Vulnerability Reserved.