Multiple TP-LINK products allow a network-adjacent unauthenticated attacker with access to the product from the LAN port or Wi-Fi to execute arbitrary OS commands on the product that has pre-specified target devices and blocked URLs in parental control settings.
[
{
"vendor": "TP-Link",
"product": "Archer AX3000",
"versions": [
{
"version": "firmware versions prior to \"Archer AX3000(JP)_V1_1.1.2 Build 20231115\"",
"status": "affected"
}
]
},
{
"vendor": "TP-Link",
"product": "Archer AX5400",
"versions": [
{
"version": "firmware versions prior to \"Archer AX5400(JP)_V1_1.1.2 Build 20231115\"",
"status": "affected"
}
]
},
{
"vendor": "TP-Link",
"product": "Deco X50",
"versions": [
{
"version": "firmware versions prior to \"Deco X50(JP)_V1_1.4.1 Build 20231122\"",
"status": "affected"
}
]
},
{
"vendor": "TP-Link",
"product": "Deco XE200",
"versions": [
{
"version": "firmware versions prior to \"Deco XE200(JP)_V1_1.2.5 Build 20231120\"",
"status": "affected"
}
]
},
{
"vendor": "TP-Link",
"product": "Archer Air R5",
"versions": [
{
"version": "firmware versions prior to \"Archer Air R5(JP)_V1_1.1.6 Build 20240508\"",
"status": "affected"
}
]
}
]
jvn.jp/en/vu/JVNVU91401812/
www.tp-link.com/jp/support/download/archer-air-r5/v1/#Firmware
www.tp-link.com/jp/support/download/archer-ax3000/#Firmware
www.tp-link.com/jp/support/download/archer-ax5400/#Firmware
www.tp-link.com/jp/support/download/deco-x50/v1/#Firmware
www.tp-link.com/jp/support/download/deco-xe200/#Firmware