Lucene search
TenableCVELIST:CVE-2023-1389HistoryMar 15, 2023 - 12:00 a.m.
CVE-2023-1389
2023-03-1500:00:00
tenable
www.cve.org
tp-link
archer
ax21
firmware
vulnerability
command injection
web management interface
unauthenticated attacker
popen()
TP-Link Archer AX21 (AX1800) firmware versions before 1.1.4 Build 20230219 contained a command injection vulnerability in the country form of the /cgi-bin/luci;stok=/locale endpoint on the web management interface. Specifically, the country parameter of the write operation was not sanitized before being used in a call to popen(), allowing an unauthenticated attacker to inject commands, which would be run as root, with a simple POST request.
CNA Affected
[
{
"vendor": "n/a",
"product": "TP-Link Archer AX21 (AX1800)",
"versions": [
{
"version": "All versions prior to version 1.14 Build 20230219",
"status": "affected"
}
]
}
]Related
nvd
nvd
CVE-2023-1389
2023-03-15 23:15:09
prion
prion
Command injection
2023-03-15 23:15:00
cisa_kev
cisa_kev
TP-Link Archer AX-21 Command Injection Vulnerability
2023-05-01 00:00:00
zdt
zdt
TP-Link Archer AX21 - Unauthenticated Command Injection Exploit
2023-08-10 00:00:00
githubexploit
githubexploit
Exploit for Command Injection in Tp-Link Archer Ax21 Firmware
2023-09-09 15:53:22
Exploit for Command Injection in Tp-Link Archer Ax21 Firmware
2023-07-28 03:09:00
attackerkb
attackerkb
CVE-2023-1389
2023-03-15 00:00:00
thn
thn
zdi
zdi
packetstorm
packetstorm
TP-Link Archer AX21 Command Injection
2023-08-11 00:00:00
cnvd
cnvd
TP-Link Archer AX21 AX1800 Command Injection Vulnerability
2023-03-16 00:00:00
nessus
nessus
TP-Link Archer AX21 Command Injection (CVE-2023-1389)
2023-06-26 00:00:00
cve
cve
CVE-2023-1389
2023-03-15 23:15:09
exploitdb
exploitdb
TP-Link Archer AX21 - Unauthenticated Command Injection
2023-08-10 00:00:00
malwarebytes
malwarebytes