Vulnerability Details CVE-2024-21833
Multiple TP-LINK products allow a network-adjacent unauthenticated attacker with access to the product to execute arbitrary OS commands. The affected device, with the initial configuration, allows login only from the LAN port or Wi-Fi.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 39.1%
CVSS Severity
CVSS v3 Score 8.8
References
- https://jvn.jp/en/vu/JVNVU91401812/
- https://www.tp-link.com/jp/support/download/archer-ax3000/#Firmware
- https://www.tp-link.com/jp/support/download/archer-ax5400/#Firmware
- https://www.tp-link.com/jp/support/download/archer-axe75/#Firmware
- https://www.tp-link.com/jp/support/download/deco-x50/v1/#Firmware
- https://www.tp-link.com/jp/support/download/deco-xe200/#Firmware
- https://jvn.jp/en/vu/JVNVU91401812/
- https://www.tp-link.com/jp/support/download/archer-ax3000/#Firmware
- https://www.tp-link.com/jp/support/download/archer-ax5400/#Firmware
- https://www.tp-link.com/jp/support/download/archer-axe75/#Firmware
- https://www.tp-link.com/jp/support/download/deco-x50/v1/#Firmware
- https://www.tp-link.com/jp/support/download/deco-xe200/#Firmware
Products affected by CVE-2024-21833
-
cpe:2.3:h:tp-link:archer_ax3000:1.0
-
cpe:2.3:h:tp-link:archer_ax5400:1.0
-
cpe:2.3:h:tp-link:archer_axe75:1.0
-
cpe:2.3:h:tp-link:deco_x50:1.0
-
cpe:2.3:h:tp-link:deco_xe200:1.0
-
cpe:2.3:o:tp-link:archer_ax3000_firmware:1.0.0
-
cpe:2.3:o:tp-link:archer_ax3000_firmware:1.1.1
-
cpe:2.3:o:tp-link:archer_ax5400_firmware:1.0.1
-
cpe:2.3:o:tp-link:archer_ax5400_firmware:1.1.1
-
cpe:2.3:o:tp-link:archer_axe75_firmware:1.1.6
-
cpe:2.3:o:tp-link:archer_axe75_firmware:1.1.8
-
cpe:2.3:o:tp-link:deco_x50_firmware:1.3.0
-
cpe:2.3:o:tp-link:deco_x50_firmware:1.3.1
-
cpe:2.3:o:tp-link:deco_xe200_firmware:1.2.3
-
cpe:2.3:o:tp-link:deco_xe200_firmware:1.2.4