CVE-2023-31188

2023-09-0609:28:18

jpcert

www.cve.org

tp-link

vulnerability

network-adjacent

authenticated

os commands

archer c50

archer c55

archer c20

firmware

8.2 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

36.8%

JSON

Multiple TP-LINK products allow a network-adjacent authenticated attacker to execute arbitrary OS commands. Affected products/versions are as follows: Archer C50 firmware versions prior to ‘Archer C50(JP)_V3_230505’, Archer C55 firmware versions prior to ‘Archer C55(JP)_V1_230506’, and Archer C20 firmware versions prior to ‘Archer C20(JP)_V1_230616’.

CNA Affected

[
  {
    "vendor": "TP-LINK",
    "product": "Archer C50",
    "versions": [
      {
        "version": "firmware versions prior to 'Archer C50(JP)_V3_230505'",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "TP-LINK",
    "product": "Archer C55",
    "versions": [
      {
        "version": "firmware versions prior to 'Archer C55(JP)_V1_230506'",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "TP-LINK",
    "product": "Archer C20",
    "versions": [
      {
        "version": "firmware versions prior to 'Archer C20(JP)_V1_230616'",
        "status": "affected"
      }
    ]
  }
]