Lucene search

PRIOn knowledge basePRION:CVE-2024-21833

HistoryJan 11, 2024 - 12:15 a.m.

Design/Logic Flaw

2024-01-1100:15:00

PRIOn knowledge base

www.prio-n.com

tp-link

arbitrary commands

security flaw

network-adjacent

product versions

8.1 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

37.8%

JSON

Multiple TP-LINK products allow a network-adjacent unauthenticated attacker with access to the product to execute arbitrary OS commands. Affected products/versions are as follows: Archer AX3000 firmware versions prior to “Archer AX3000(JP)_V1_1.1.2 Build 20231115”, Archer AX5400 firmware versions prior to “Archer AX5400(JP)_V1_1.1.2 Build 20231115”, Archer AXE75 firmware versions prior to “Archer AXE75(JP)_V1_231115”, Deco X50 firmware versions prior to “Deco X50(JP)_V1_1.4.1 Build 20231122”, and Deco XE200 firmware versions prior to “Deco XE200(JP)_V1_1.2.5 Build 20231120”.

CPENameOperatorVersion
archer_ax3000_firmwarelt1.1.2
archer_ax5400_firmwarelt1.1.2
archer_axe75_firmwarelt1.1.9
deco_x50_firmwarelt1.4.1
deco_xe200_firmwarelt1.2.5

Name	Operator	Version
archer_ax3000_firmware	lt	1.1.2
archer_ax5400_firmware	lt	1.1.2
archer_axe75_firmware	lt	1.1.9
deco_x50_firmware	lt	1.4.1
deco_xe200_firmware	lt	1.2.5

References

jvn.jp/en/vu/JVNVU91401812/

www.tp-link.com/jp/support/download/archer-ax3000/

www.tp-link.com/jp/support/download/archer-ax5400/

www.tp-link.com/jp/support/download/archer-axe75/

www.tp-link.com/jp/support/download/deco-x50/v1/

www.tp-link.com/jp/support/download/deco-xe200/