Design/Logic Flaw

2023-09-0610:15:00

PRIOn knowledge base

www.prio-n.com

tp-link

network-adjacent attacker

authenticated attacker

os commands

archer c50

archer c55

archer c20

firmware versions prior

8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

36.8%

JSON

Multiple TP-LINK products allow a network-adjacent authenticated attacker to execute arbitrary OS commands. Affected products/versions are as follows: Archer C50 firmware versions prior to ‘Archer C50(JP)_V3_230505’, Archer C55 firmware versions prior to ‘Archer C55(JP)_V1_230506’, and Archer C20 firmware versions prior to ‘Archer C20(JP)_V1_230616’.

CPENameOperatorVersion
archer_c50_v3_firmwarelt230505
archer_c55_firmwarelt230506

CPE	Name	Operator	Version
	archer_c50_v3_firmware	lt	230505
	archer_c55_firmware	lt	230506

References

jvn.jp/en/vu/JVNVU99392903/

www.tp-link.com/jp/support/download/archer-c20/v1/

www.tp-link.com/jp/support/download/archer-c50/v3/

www.tp-link.com/jp/support/download/archer-c55/