Lucene search
JpcertCVELIST:CVE-2024-21773HistoryJan 10, 2024 - 11:24 p.m.
CVE-2024-21773
2024-01-1023:24:50
jpcert
www.cve.org
1
tp-link
products
vulnerability
arbitrary
os commands
execution
archer ax3000
archer ax5400
deco x50
deco xe200
firmware versions
Multiple TP-LINK products allow a network-adjacent unauthenticated attacker with access to the product from the LAN port or Wi-Fi to execute arbitrary OS commands on the product that has pre-specified target devices and blocked URLs in parental control settings.
CNA Affected
[
{
"vendor": "TP-Link",
"product": "Archer AX3000",
"versions": [
{
"version": "firmware versions prior to \"Archer AX3000(JP)_V1_1.1.2 Build 20231115\"",
"status": "affected"
}
]
},
{
"vendor": "TP-Link",
"product": "Archer AX5400",
"versions": [
{
"version": "firmware versions prior to \"Archer AX5400(JP)_V1_1.1.2 Build 20231115\"",
"status": "affected"
}
]
},
{
"vendor": "TP-Link",
"product": "Deco X50",
"versions": [
{
"version": "firmware versions prior to \"Deco X50(JP)_V1_1.4.1 Build 20231122\"",
"status": "affected"
}
]
},
{
"vendor": "TP-Link",
"product": "Deco XE200",
"versions": [
{
"version": "firmware versions prior to \"Deco XE200(JP)_V1_1.2.5 Build 20231120\"",
"status": "affected"
}
]
},
{
"vendor": "TP-Link",
"product": "Archer Air R5",
"versions": [
{
"version": "firmware versions prior to \"Archer Air R5(JP)_V1_1.1.6 Build 20240508\"",
"status": "affected"
}
]
}
]References
jvn.jp/en/vu/JVNVU91401812/
www.tp-link.com/jp/support/download/archer-air-r5/v1/#Firmware
www.tp-link.com/jp/support/download/archer-ax3000/#Firmware
www.tp-link.com/jp/support/download/archer-ax5400/#Firmware
www.tp-link.com/jp/support/download/deco-x50/v1/#Firmware
www.tp-link.com/jp/support/download/deco-xe200/#Firmware
Related
prion
prion
Design/Logic Flaw
2024-01-11 00:15:00
cve
cve
CVE-2024-21773
2024-01-11 00:15:44
nvd
nvd
CVE-2024-21773
2024-01-11 00:15:44