Lucene search

[email protected]NVD:CVE-2024-21773

HistoryJan 11, 2024 - 12:15 a.m.

CVE-2024-21773

2024-01-1100:15:44

CWE-78

[email protected]

web.nvd.nist.gov

tp-link

remote code execution

archer ax3000

archer ax5400

deco x50

deco xe200

firmware vulnerability

8.8 High

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

26.4%

JSON

Multiple TP-LINK products allow a network-adjacent unauthenticated attacker with access to the product from the LAN port or Wi-Fi to execute arbitrary OS commands on the product that has pre-specified target devices and blocked URLs in parental control settings.

Affected configurations

NVD

Node

tp-linkarcher_ax3000Match1.0

AND

tp-linkarcher_ax3000_firmwareRange<1.1.2

Node

tp-linkarcher_ax5400Match1.0

AND

tp-linkarcher_ax5400_firmwareRange<1.1.2

Node

tp-linkdeco_x50Match1.0

AND

tp-linkdeco_x50_firmwareRange<1.4.1

Node

tp-linkdeco_xe200Match1.0

AND

tp-linkdeco_xe200_firmwareRange<1.2.5

References

jvn.jp/en/vu/JVNVU91401812/

www.tp-link.com/jp/support/download/archer-air-r5/v1/#Firmware

www.tp-link.com/jp/support/download/archer-ax3000/#Firmware

www.tp-link.com/jp/support/download/archer-ax5400/#Firmware

www.tp-link.com/jp/support/download/deco-x50/v1/#Firmware

www.tp-link.com/jp/support/download/deco-xe200/#Firmware

8.8 High

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

26.4%

JSON

Related for NVD:CVE-2024-21773

prion1 cve1 cvelist1