Lucene search

JpcertCVE-2023-40357

HistorySep 06, 2023 - 10:15 a.m.

CVE-2023-40357

2023-09-0610:15:14

CWE-78

jpcert

web.nvd.nist.gov

cve-2023-40357

tp-link

rce

vulnerability

security

archer ax50

archer a10

archer ax10

archer ax11000

nvd

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.9

Confidence

High

EPSS

0.001

Percentile

24.6%

JSON

Multiple TP-LINK products allow a network-adjacent authenticated attacker to execute arbitrary OS commands. Affected products/versions are as follows: Archer AX50 firmware versions prior to ‘Archer AX50(JP)_V1_230529’, Archer A10 firmware versions prior to ‘Archer A10(JP)_V2_230504’, Archer AX10 firmware versions prior to ‘Archer AX10(JP)_V1.2_230508’, and Archer AX11000 firmware versions prior to ‘Archer AX11000(JP)_V1_230523’.

Affected configurations

Nvd

Node

tp-linkarcher_ax50Match1.0

AND

tp-linkarcher_ax50_firmwareRange<230529

Node

tp-linkarcher_a10Match-

AND

tp-linkarcher_a10_firmwareRange≤230504

Node

tp-linkarcher_ax10Match-

AND

tp-linkarcher_ax10_firmwareRange<230508

Node

tp-linkarcher_ax11000Match-

AND

tp-linkarcher_ax11000_firmwareRange<230523

VendorProductVersionCPE
tp-linkarcher_ax501.0cpe:2.3:h:tp-link:archer_ax50:1.0:*:*:*:*:*:*:*
tp-linkarcher_ax50_firmware*cpe:2.3:o:tp-link:archer_ax50_firmware:*:*:*:*:*:*:*:*
tp-linkarcher_a10-cpe:2.3:h:tp-link:archer_a10:-:*:*:*:*:*:*:*
tp-linkarcher_a10_firmware*cpe:2.3:o:tp-link:archer_a10_firmware:*:*:*:*:*:*:*:*
tp-linkarcher_ax10-cpe:2.3:h:tp-link:archer_ax10:-:*:*:*:*:*:*:*
tp-linkarcher_ax10_firmware*cpe:2.3:o:tp-link:archer_ax10_firmware:*:*:*:*:*:*:*:*
tp-linkarcher_ax11000-cpe:2.3:h:tp-link:archer_ax11000:-:*:*:*:*:*:*:*
tp-linkarcher_ax11000_firmware*cpe:2.3:o:tp-link:archer_ax11000_firmware:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
tp-link	archer_ax50	1.0	cpe:2.3:h:tp-link:archer_ax50:1.0:::::::*
tp-link	archer_ax50_firmware	*	cpe:2.3:o:tp-link:archer_ax50_firmware::::::::
tp-link	archer_a10	-	cpe:2.3:h:tp-link:archer_a10:-:::::::*
tp-link	archer_a10_firmware	*	cpe:2.3:o:tp-link:archer_a10_firmware::::::::
tp-link	archer_ax10	-	cpe:2.3:h:tp-link:archer_ax10:-:::::::*
tp-link	archer_ax10_firmware	*	cpe:2.3:o:tp-link:archer_ax10_firmware::::::::
tp-link	archer_ax11000	-	cpe:2.3:h:tp-link:archer_ax11000:-:::::::*
tp-link	archer_ax11000_firmware	*	cpe:2.3:o:tp-link:archer_ax11000_firmware::::::::

CNA Affected

[
  {
    "vendor": "TP-LINK",
    "product": "Archer AX50",
    "versions": [
      {
        "version": "firmware versions prior to 'Archer AX50(JP)_V1_230529'",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "TP-LINK",
    "product": "Archer A10",
    "versions": [
      {
        "version": " firmware versions prior to 'Archer A10(JP)_V2_230504'",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "TP-LINK",
    "product": "Archer AX10",
    "versions": [
      {
        "version": "firmware versions prior to 'Archer AX10(JP)_V1.2_230508'",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "TP-LINK",
    "product": "Archer AX11000",
    "versions": [
      {
        "version": "firmware versions prior to 'Archer AX11000(JP)_V1_230523'",
        "status": "affected"
      }
    ]
  }
]

References

jvn.jp/en/vu/JVNVU99392903/

www.tp-link.com/jp/support/download/archer-a10/#Firmware

www.tp-link.com/jp/support/download/archer-ax10/#Firmware

www.tp-link.com/jp/support/download/archer-ax11000/#Firmware

www.tp-link.com/jp/support/download/archer-ax50/#Firmware

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.9

Confidence

High

EPSS

0.001

Percentile

24.6%

JSON

Related for CVE-2023-40357