Lucene search

[email protected]CVE-2024-21773

HistoryJan 11, 2024 - 12:15 a.m.

CVE-2024-21773

2024-01-1100:15:44

CWE-78

[email protected]

web.nvd.nist.gov

cve

tp-link

network security

vulnerability

os command execution

8.8 High

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8.9 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

26.5%

JSON

Multiple TP-LINK products allow a network-adjacent unauthenticated attacker with access to the product to execute arbitrary OS commands. Affected products/versions are as follows: Archer AX3000 firmware versions prior to “Archer AX3000(JP)_V1_1.1.2 Build 20231115”, Archer AX5400 firmware versions prior to “Archer AX5400(JP)_V1_1.1.2 Build 20231115”, Deco X50 firmware versions prior to “Deco X50(JP)_V1_1.4.1 Build 20231122”, and Deco XE200 firmware versions prior to “Deco XE200(JP)_V1_1.2.5 Build 20231120”.

Affected configurations

NVD

Node

tp-linkarcher_ax3000Match1.0

AND

tp-linkarcher_ax3000_firmwareRange<1.1.2

Node

tp-linkarcher_ax5400Match1.0

AND

tp-linkarcher_ax5400_firmwareRange<1.1.2

Node

tp-linkdeco_x50Match1.0

AND

tp-linkdeco_x50_firmwareRange<1.4.1

Node

tp-linkdeco_xe200Match1.0

AND

tp-linkdeco_xe200_firmwareRange<1.2.5

CPENameOperatorVersion
tp-link:archer_ax3000_firmwaretp-link archer ax3000 firmwarelt1.1.2

CPE	Name	Operator	Version
tp-link:archer_ax3000_firmware	tp-link archer ax3000 firmware	lt	1.1.2

CNA Affected

[
  {
    "vendor": "TP-Link",
    "product": "Archer AX3000",
    "versions": [
      {
        "version": "firmware versions prior to \"Archer AX3000(JP)_V1_1.1.2 Build 20231115\"",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "TP-Link",
    "product": "Archer AX5400",
    "versions": [
      {
        "version": "firmware versions prior to \"Archer AX5400(JP)_V1_1.1.2 Build 20231115\"",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "TP-Link",
    "product": "Deco X50",
    "versions": [
      {
        "version": "firmware versions prior to \"Deco X50(JP)_V1_1.4.1 Build 20231122\"",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "TP-Link",
    "product": "Deco XE200",
    "versions": [
      {
        "version": "firmware versions prior to \"Deco XE200(JP)_V1_1.2.5 Build 20231120\"",
        "status": "affected"
      }
    ]
  }
]

References

jvn.jp/en/vu/JVNVU91401812/

www.tp-link.com/jp/support/download/archer-ax3000/#Firmware

www.tp-link.com/jp/support/download/archer-ax5400/#Firmware

www.tp-link.com/jp/support/download/deco-x50/v1/#Firmware

www.tp-link.com/jp/support/download/deco-xe200/#Firmware

8.8 High

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8.9 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

26.5%

JSON

Related for CVE-2024-21773

prion1 nvd1 cvelist1