Vulnerability Details CVE-2023-36489
Multiple TP-LINK products allow a network-adjacent unauthenticated attacker to execute arbitrary OS commands. Affected products/versions are as follows: TL-WR802N firmware versions prior to 'TL-WR802N(JP)_V4_221008', TL-WR841N firmware versions prior to 'TL-WR841N(JP)_V14_230506', and TL-WR902AC firmware versions prior to 'TL-WR902AC(JP)_V3_230506'.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 34.9%
CVSS Severity
CVSS v3 Score 8.8
References
- https://jvn.jp/en/vu/JVNVU99392903/
- https://www.tp-link.com/jp/support/download/tl-wr802n/#Firmware
- https://www.tp-link.com/jp/support/download/tl-wr841n/v14/#Firmware
- https://www.tp-link.com/jp/support/download/tl-wr902ac/#Firmware
- https://jvn.jp/en/vu/JVNVU99392903/
- https://www.tp-link.com/jp/support/download/tl-wr802n/#Firmware
- https://www.tp-link.com/jp/support/download/tl-wr841n/v14/#Firmware
- https://www.tp-link.com/jp/support/download/tl-wr902ac/#Firmware
Products affected by CVE-2023-36489
-
cpe:2.3:h:tp-link:tl-wr802n:-
-
cpe:2.3:h:tp-link:tl-wr841n:-
-
cpe:2.3:h:tp-link:tl-wr902ac:-
-
cpe:2.3:o:tp-link:tl-wr802n_firmware:*
-
cpe:2.3:o:tp-link:tl-wr841n_firmware:-
-
cpe:2.3:o:tp-link:tl-wr841n_firmware:0.9.1_4.16
-
cpe:2.3:o:tp-link:tl-wr841n_firmware:0.9.1_4.18
-
cpe:2.3:o:tp-link:tl-wr841n_firmware:150310
-
cpe:2.3:o:tp-link:tl-wr841n_firmware:150616
-
cpe:2.3:o:tp-link:tl-wr841n_firmware:201216
-
cpe:2.3:o:tp-link:tl-wr841n_firmware:3.13.9
-
cpe:2.3:o:tp-link:tl-wr841n_firmware:3.16.9
-
cpe:2.3:o:tp-link:tl-wr841n_firmware:4.17.16_build_120201_rel.54750n
-
cpe:2.3:o:tp-link:tl-wr902ac_firmware:-
-
cpe:2.3:o:tp-link:tl-wr902ac_firmware:191209
-
cpe:2.3:o:tp-link:tl-wr902ac_firmware:3.0.9.1