CVE-2023-40357
Severity CVSS v4.0:
Pending analysis
Type:
CWE-78
OS Command Injections
Publication date:
06/09/2023
Last modified:
27/09/2024
Description
Multiple TP-LINK products allow a network-adjacent authenticated attacker to execute arbitrary OS commands. Affected products/versions are as follows: Archer AX50 firmware versions prior to 'Archer AX50(JP)_V1_230529', Archer A10 firmware versions prior to 'Archer A10(JP)_V2_230504', Archer AX10 firmware versions prior to 'Archer AX10(JP)_V1.2_230508', and Archer AX11000 firmware versions prior to 'Archer AX11000(JP)_V1_230523'.
Impact
Base Score 3.x
8.00
Severity 3.x
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:h:tp-link:archer_ax50:1.0:*:*:*:*:*:*:* | ||
| cpe:2.3:o:tp-link:archer_ax50_firmware:*:*:*:*:*:*:*:* | 230529 (excluding) | |
| cpe:2.3:h:tp-link:archer_a10:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:tp-link:archer_a10_firmware:*:*:*:*:*:*:*:* | 230504 (including) | |
| cpe:2.3:h:tp-link:archer_ax10:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:tp-link:archer_ax10_firmware:*:*:*:*:*:*:*:* | 230508 (excluding) | |
| cpe:2.3:h:tp-link:archer_ax11000:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:tp-link:archer_ax11000_firmware:*:*:*:*:*:*:*:* | 230523 (excluding) |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://jvn.jp/en/vu/JVNVU99392903/
- https://www.tp-link.com/jp/support/download/archer-a10/#Firmware
- https://www.tp-link.com/jp/support/download/archer-ax10/#Firmware
- https://www.tp-link.com/jp/support/download/archer-ax11000/#Firmware
- https://www.tp-link.com/jp/support/download/archer-ax50/#Firmware