CVE-2024-21821

Multiple TP-LINK products allow a network-adjacent authenticated attacker to execute arbitrary OS commands. Affected products/versions are as follows: Archer AX3000 firmware versions prior to "Archer AX3000(JP)_V1_1.1.2 Build 20231115", Archer AX5400 firmware versions prior to "Archer AX5400(JP)_V1_1.1.2 Build 20231115", and Archer AXE75 firmware versions prior to "Archer AXE75(JP)_V1_231115".
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:tp-link:archer_ax3000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:archer_ax3000:1.0:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:tp-link:archer_ax5400_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:archer_ax5400:1.0:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:tp-link:archer_axe75_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:archer_axe75:1.0:*:*:*:*:*:*:*

History

18 Jan 2024, 17:08

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 8.0
CPE cpe:2.3:h:tp-link:archer_ax5400:1.0:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:archer_axe75:1.0:*:*:*:*:*:*:*
cpe:2.3:o:tp-link:archer_axe75_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:archer_ax3000:1.0:*:*:*:*:*:*:*
cpe:2.3:o:tp-link:archer_ax3000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:tp-link:archer_ax5400_firmware:*:*:*:*:*:*:*:*
References () https://jvn.jp/en/vu/JVNVU91401812/ - () https://jvn.jp/en/vu/JVNVU91401812/ - Third Party Advisory
References () https://www.tp-link.com/jp/support/download/archer-ax3000/#Firmware - () https://www.tp-link.com/jp/support/download/archer-ax3000/#Firmware - Product
References () https://www.tp-link.com/jp/support/download/archer-ax5400/#Firmware - () https://www.tp-link.com/jp/support/download/archer-ax5400/#Firmware - Product
References () https://www.tp-link.com/jp/support/download/archer-axe75/#Firmware - () https://www.tp-link.com/jp/support/download/archer-axe75/#Firmware - Product
CWE CWE-78
First Time Tp-link archer Axe75
Tp-link
Tp-link archer Ax5400 Firmware
Tp-link archer Ax3000
Tp-link archer Axe75 Firmware
Tp-link archer Ax5400
Tp-link archer Ax3000 Firmware

11 Jan 2024, 13:57

Type Values Removed Values Added
Summary
  • (es) Múltiples productos TP-LINK permiten que un atacante autenticado adyacente a la red ejecute comandos arbitrarios del sistema operativo. Los productos/versiones afectados son los siguientes: Versiones de firmware de Archer AX3000 anteriores a "Archer AX3000(JP)_V1_1.1.2 Build 20231115", versiones de firmware de Archer AX5400 anteriores a "Archer AX5400(JP)_V1_1.1.2 Build 20231115" y firmware de Archer AXE75 versiones anteriores a "Archer AXE75(JP)_V1_231115".

11 Jan 2024, 00:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-01-11 00:15

Updated : 2024-01-18 17:08


NVD link : CVE-2024-21821

Mitre link : CVE-2024-21821

CVE.ORG link : CVE-2024-21821


JSON object : View

Products Affected

tp-link

  • archer_ax5400
  • archer_axe75
  • archer_axe75_firmware
  • archer_ax3000
  • archer_ax5400_firmware
  • archer_ax3000_firmware
CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')