Lucene search
K

CVE-2023-28760

๐Ÿ—“๏ธย 02 Oct 2025ย 00:00:00Reported byย mitreTypeย 
cve
ย cve
๐Ÿ”—ย web.nvd.nist.gov๐Ÿ‘ย 21ย Views๐ŸŒ WEB

TP-Link AX1800 AX21 allows unauthenticated attackers to gain root via db_dir in minidlnad with USB.

Related
Refs
Paths
ReporterTitlePublishedViews
Family
ATTACKERKB
CVE-2023-28760
2 Oct 202500:00
โ€“attackerkb
BDU FSTEC
The vulnerability of the MiniDLNA service in the TPDLNA/files.db file of TP-Link Archer AX20 (AX1800) routers allows a hacker to execute arbitrary code.
17 Apr 202300:00
โ€“bdu_fstec
Circl
CVE-2023-28760
24 Mar 202312:53
โ€“circl
CNNVD
TP-Link AX1800 ๅฎ‰ๅ…จๆผๆดž
2 Oct 202500:00
โ€“cnnvd
Cvelist
CVE-2023-28760
2 Oct 202500:00
โ€“cvelist
EUVD
EUVD-2023-32395
3 Oct 202520:07
โ€“euvd
NVD
CVE-2023-28760
2 Oct 202514:15
โ€“nvd
Positive Technologies
PT-2023-2326
24 Mar 202300:00
โ€“ptsecurity
RedhatCVE
CVE-2023-28760
3 Oct 202500:46
โ€“redhatcve
Source Incite
SRC-2023-0003 : TP-Link Archer AX20/AX21 minidlnad db_dir Remote Code Execution Vulnerability
4 Feb 202300:00
โ€“srcincite
Rows per page
ParameterPositionPathDescriptionCWE
BrowseMetadata*request body/ctl/ContentDirPre-authenticated RCE via crafted BrowseMetadata payload in ContentDir SOAP callCWE-121
{object_id}-si.jpgpath/AlbumArt/{object_id}-si.jpgUsed in exploit flow to fetch hash and deliver crafted DB content for overflowCWE-121
stokrequest body/cgi-bin/luci/;stok=/loginPre-authentication login endpoint used in PoC to access and prepare the device for exploitationCWE-121
sysauthrequest body/cgi-bin/luci/;stok=/loginPre-authentication login endpoint used in PoC to access and prepare the device for exploitationCWE-121

Data

Build on a solid foundation withย Vulners data

Weย provide theย essential building blocks forย cybersecurity solutions withย comprehensive, structured, andย constantly updated vulnerability andย exploits data

Api

Power your application withย Vulners API

The Vulners REST API offers reliable, high-performance access toย vulnerabilityย intelligence, withย 99.9%ย SLAย uptime andย CDN-backed data delivery forย seamlessย global access

App

Assess and manage vulnerabilities withย Vulnersย tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

17 Jun 2026 05:48Current
7.7High risk
Vulners AI Score7.7
CVSS 3.17.5
EPSS0.03138
SSVC
21