ghsa-wqqq-355c-2q6w
Vulnerability from github
Published
2024-01-11 00:30
Modified
2024-07-04 00:37
Severity
Details
Multiple TP-LINK products allow a network-adjacent authenticated attacker to execute arbitrary OS commands. Affected products/versions are as follows: Archer AX3000 firmware versions prior to "Archer AX3000(JP)_V1_1.1.2 Build 20231115", Archer AX5400 firmware versions prior to "Archer AX5400(JP)_V1_1.1.2 Build 20231115", and Archer AXE75 firmware versions prior to "Archer AXE75(JP)_V1_231115".
{
"affected": [],
"aliases": [
"CVE-2024-21821"
],
"database_specific": {
"cwe_ids": [
"CWE-78"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-01-11T00:15:44Z",
"severity": "HIGH"
},
"details": "Multiple TP-LINK products allow a network-adjacent authenticated attacker to execute arbitrary OS commands. Affected products/versions are as follows: Archer AX3000 firmware versions prior to \"Archer AX3000(JP)_V1_1.1.2 Build 20231115\", Archer AX5400 firmware versions prior to \"Archer AX5400(JP)_V1_1.1.2 Build 20231115\", and Archer AXE75 firmware versions prior to \"Archer AXE75(JP)_V1_231115\".",
"id": "GHSA-wqqq-355c-2q6w",
"modified": "2024-07-04T00:37:43Z",
"published": "2024-01-11T00:30:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21821"
},
{
"type": "WEB",
"url": "https://jvn.jp/en/vu/JVNVU91401812"
},
{
"type": "WEB",
"url": "https://www.tp-link.com/jp/support/download/archer-air-r5/v1/#Firmware"
},
{
"type": "WEB",
"url": "https://www.tp-link.com/jp/support/download/archer-ax3000/#Firmware"
},
{
"type": "WEB",
"url": "https://www.tp-link.com/jp/support/download/archer-ax5400/#Firmware"
},
{
"type": "WEB",
"url": "https://www.tp-link.com/jp/support/download/archer-axe75/#Firmware"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Loading...