Vulnerability Details CVE-2023-40357
Multiple TP-LINK products allow a network-adjacent authenticated attacker to execute arbitrary OS commands. Affected products/versions are as follows: Archer AX50 firmware versions prior to 'Archer AX50(JP)_V1_230529', Archer A10 firmware versions prior to 'Archer A10(JP)_V2_230504', Archer AX10 firmware versions prior to 'Archer AX10(JP)_V1.2_230508', and Archer AX11000 firmware versions prior to 'Archer AX11000(JP)_V1_230523'.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 28.1%
CVSS Severity
CVSS v3 Score 8.0
References
- https://jvn.jp/en/vu/JVNVU99392903/
- https://www.tp-link.com/jp/support/download/archer-a10/#Firmware
- https://www.tp-link.com/jp/support/download/archer-ax10/#Firmware
- https://www.tp-link.com/jp/support/download/archer-ax11000/#Firmware
- https://www.tp-link.com/jp/support/download/archer-ax50/#Firmware
- https://jvn.jp/en/vu/JVNVU99392903/
- https://www.tp-link.com/jp/support/download/archer-a10/#Firmware
- https://www.tp-link.com/jp/support/download/archer-ax10/#Firmware
- https://www.tp-link.com/jp/support/download/archer-ax11000/#Firmware
- https://www.tp-link.com/jp/support/download/archer-ax50/#Firmware
Products affected by CVE-2023-40357
-
cpe:2.3:h:tp-link:archer_a10:-
-
cpe:2.3:h:tp-link:archer_ax10:-
-
cpe:2.3:h:tp-link:archer_ax11000:-
-
cpe:2.3:h:tp-link:archer_ax50:1.0
-
cpe:2.3:o:tp-link:archer_a10_firmware:-
-
cpe:2.3:o:tp-link:archer_a10_firmware:230504
-
cpe:2.3:o:tp-link:archer_ax10_firmware:-
-
cpe:2.3:o:tp-link:archer_ax10_firmware:230220
-
cpe:2.3:o:tp-link:archer_ax11000_firmware:-
-
cpe:2.3:o:tp-link:archer_ax50_firmware:-
-
cpe:2.3:o:tp-link:archer_ax50_firmware:1.0.11
-
cpe:2.3:o:tp-link:archer_ax50_firmware:210730