CVE-2023-40357

Severity CVSS v4.0: Pending analysis
Type: CWE-78 OS Command Injections
Publication date: 06/09/2023
Last modified: 27/09/2024

Description

Multiple TP-LINK products allow a network-adjacent authenticated attacker to execute arbitrary OS commands. Affected products/versions are as follows: Archer AX50 firmware versions prior to 'Archer AX50(JP)_V1_230529', Archer A10 firmware versions prior to 'Archer A10(JP)_V2_230504', Archer AX10 firmware versions prior to 'Archer AX10(JP)_V1.2_230508', and Archer AX11000 firmware versions prior to 'Archer AX11000(JP)_V1_230523'.

Vulnerable products and versions

| CPE | From | Up to |
| --- | --- | --- |
| cpe:2.3:h:tp-link:archer_ax50:1.0:*:*:*:*:*:*:* | | |
| cpe:2.3:o:tp-link:archer_ax50_firmware:*:*:*:*:*:*:*:* | | 230529 (excluding) |
| cpe:2.3:h:tp-link:archer_a10:-:*:*:*:*:*:*:* | | |
| cpe:2.3:o:tp-link:archer_a10_firmware:*:*:*:*:*:*:*:* | | 230504 (including) |
| cpe:2.3:h:tp-link:archer_ax10:-:*:*:*:*:*:*:* | | |
| cpe:2.3:o:tp-link:archer_ax10_firmware:*:*:*:*:*:*:*:* | | 230508 (excluding) |
| cpe:2.3:h:tp-link:archer_ax11000:-:*:*:*:*:*:*:* | | |
| cpe:2.3:o:tp-link:archer_ax11000_firmware:*:*:*:*:*:*:*:* | | 230523 (excluding) |