8.8

CVE-2024-21833

Multiple TP-LINK products allow a network-adjacent unauthenticated attacker with access to the product to execute arbitrary OS commands. The affected device, with the initial configuration, allows login only from the LAN port or Wi-Fi.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Tp-linkArcher Ax3000 Firmware Version < 1.1.2
   Tp-linkArcher Ax3000 Version1.0
Tp-linkArcher Ax5400 Firmware Version < 1.1.2
   Tp-linkArcher Ax5400 Version1.0
Tp-linkDeco X50 Firmware Version < 1.4.1
   Tp-linkDeco X50 Version1.0
Tp-linkDeco Xe200 Firmware Version < 1.2.5
   Tp-linkDeco Xe200 Version1.0
Tp-linkArcher Axe75 Firmware Version < 1.1.9
   Tp-linkArcher Axe75 Version1.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.07% 0.605
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.8 2.8 5.9
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0 8.8 2.8 5.9
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

https://jvn.jp/en/vu/JVNVU91401812/
Third Party Advisory
https://www.tp-link.com/jp/support/download/archer-ax3000/#Firmware
Product
https://www.tp-link.com/jp/support/download/archer-ax5400/#Firmware
Product
https://www.tp-link.com/jp/support/download/deco-x50/v1/#Firmware
Product
https://www.tp-link.com/jp/support/download/deco-xe200/#Firmware
Product
https://www.tp-link.com/jp/support/download/archer-axe75/#Firmware
Product