Archer C50 firmware versions prior to ‘Archer C50(JP)_V3_230505’ and Archer C55 firmware versions prior to ‘Archer C55(JP)_V1_230506’ use hard-coded credentials to login to the affected device, which may allow a network-adjacent unauthenticated attacker to execute an arbitrary OS command.
[
{
"vendor": "TP-LINK",
"product": "Archer C50",
"versions": [
{
"version": "firmware versions prior to 'Archer C50(JP)_V3_230505'",
"status": "affected"
}
]
},
{
"vendor": "TP-LINK",
"product": "Archer C55",
"versions": [
{
"version": "firmware versions prior to 'Archer C55(JP)_V1_230506'",
"status": "affected"
}
]
}
]