CVE-2024-21833
8.8 High
CVSS3
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
37.8%
Multiple TP-LINK products allow a network-adjacent unauthenticated attacker with access to the product to execute arbitrary OS commands. The affected device, with the initial configuration, allows login only from the LAN port or Wi-Fi.
Affected configurations
References
jvn.jp/en/vu/JVNVU91401812/
www.tp-link.com/jp/support/download/archer-ax3000/#Firmware
www.tp-link.com/jp/support/download/archer-ax5400/#Firmware
www.tp-link.com/jp/support/download/archer-axe75/#Firmware
www.tp-link.com/jp/support/download/deco-x50/v1/#Firmware
www.tp-link.com/jp/support/download/deco-xe200/#Firmware
Related
8.8 High
CVSS3
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
37.8%