8.8

CVE-2023-1389

Warnung
Medienbericht
Exploit
TP-Link Archer AX21 (AX1800) firmware versions before 1.1.4 Build 20230219 contained a command injection vulnerability in the country form of the /cgi-bin/luci;stok=/locale endpoint on the web management interface. Specifically, the country parameter of the write operation was not sanitized before being used in a call to popen(), allowing an unauthenticated attacker to inject commands, which would be run as root, with a simple POST request.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Tp-linkArcher Ax21 Firmware Version < 1.1.4
   Tp-linkArcher Ax21 Version-

01.05.2023: CISA Known Exploited Vulnerabilities (KEV) Catalog

TP-Link Archer AX-21 Command Injection Vulnerability

Schwachstelle

TP-Link Archer AX-21 contains a command injection vulnerability that allows for remote code execution.

Beschreibung

Apply updates per vendor instructions.

Erforderliche Maßnahmen
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 100% 1
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.8 2.8 5.9
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0 8.8 2.8 5.9
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
VulnDex Intel
Media Report
30.04.2026 16:24
Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
VulnDex Intel
Media Report
22.04.2026 22:18
http://packetstormsecurity.com/files/174131/TP-Link-Archer-AX21-Command-Injection.html
Third Party Advisory
Exploit
VDB Entry
https://www.tenable.com/security/research/tra-2023-11
Third Party Advisory
Exploit
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-1389
US Government Resource