Multiple TP-LINK products allow a network-adjacent authenticated attacker with access to the product from the LAN port or Wi-Fi to execute arbitrary OS commands.
[
{
"vendor": "TP-Link",
"product": "Archer AX3000",
"versions": [
{
"version": "firmware versions prior to \"Archer AX3000(JP)_V1_1.1.2 Build 20231115\"",
"status": "affected"
}
]
},
{
"vendor": "TP-Link",
"product": "Archer AX5400",
"versions": [
{
"version": "firmware versions prior to \"Archer AX5400(JP)_V1_1.1.2 Build 20231115\"",
"status": "affected"
}
]
},
{
"vendor": "TP-Link",
"product": "Archer AXE75",
"versions": [
{
"version": "firmware versions prior to \"Archer AXE75(JP)_V1_231115\"",
"status": "affected"
}
]
},
{
"vendor": "TP-Link",
"product": "Archer Air R5",
"versions": [
{
"version": "firmware versions prior to \"Archer Air R5(JP)_V1_1.1.6 Build 20240508\"",
"status": "affected"
}
]
}
]