PT-2024-5005 · Tp Link · Tp-Link Archer Ax3000 +3

Name of the Vulnerable Software and Affected Versions: TP-LINK products affected versions not specified TP-Link Archer AX3000 TP-Link Archer AXE75 TP-Link Archer AX5400 TP-Link Archer Air R5 TP-Link Archer AXE5400 Description: The issue allows a network-adjacent attacker with administrative...

CVE-2024-21833

Multiple TP-LINK products allow a network-adjacent unauthenticated attacker with access to the product to execute arbitrary OS commands. The affected device, with the initial configuration, allows login only from the LAN port or Wi-Fi...

CVE-2024-21773

Multiple TP-LINK products allow a network-adjacent unauthenticated attacker with access to the product from the LAN port or Wi-Fi to execute arbitrary OS commands on the product that has pre-specified target devices and blocked URLs in parental control settings...

CVE-2024-21821

Multiple TP-LINK products allow a network-adjacent authenticated attacker with access to the product from the LAN port or Wi-Fi to execute arbitrary OS commands...

Design/Logic Flaw

Multiple TP-LINK products allow a network-adjacent unauthenticated attacker with access to the product to execute arbitrary OS commands. Affected products/versions are as follows: Archer AX3000 firmware versions prior to "Archer AX3000JPV11.1.2 Build 20231115", Archer AX5400 firmware versions pri...

Design/Logic Flaw

Multiple TP-LINK products allow a network-adjacent authenticated attacker to execute arbitrary OS commands. Affected products/versions are as follows: Archer AX3000 firmware versions prior to "Archer AX3000JPV11.1.2 Build 20231115", Archer AX5400 firmware versions prior to "Archer AX5400JPV11.1.2...

CVE-2024-21833

Multiple TP-LINK products allow a network-adjacent unauthenticated attacker with access to the product to execute arbitrary OS commands. The affected device, with the initial configuration, allows login only from the LAN port or Wi-Fi...

CVE-2024-21821

CVE-2024-21821 affects TP-LINK routers (e.g., Archer AX3000, AX5400, AXE75). A network-adjacent authenticated attacker with LAN/Wi‑Fi access can execute arbitrary OS commands due to inadequate input handling in the device OS. CVSS 3.1 base score 8.0 (ADJACENT, LOW{PR:L}, UI: NONE; impact C/I/A: H...

CVE-2024-21821

Multiple TP-LINK products allow a network-adjacent authenticated attacker with access to the product from the LAN port or Wi-Fi to execute arbitrary OS commands...

CVE-2024-21773

Multiple TP-LINK products allow a network-adjacent unauthenticated attacker with access to the product from the LAN port or Wi-Fi to execute arbitrary OS commands on the product that has pre-specified target devices and blocked URLs in parental control settings...

Multiple TP-LINK Products Operating System Command Injection Vulnerability

The TP-LINK Archer AX3000 is a wireless router from China P&L TP-LINK. An operating system command injection vulnerability exists in multiple TP-LINK products, which originates from a vulnerability that allows an authenticated attacker on a neighboring network to access the product and execute...

Multiple TP-LINK Products Operating System Command Injection Vulnerability

The TP-LINK Archer AX3000 is a wireless router from China P&L TP-LINK. An operating system command injection vulnerability exists in multiple TP-LINK products, which originates from a vulnerability that allows an authenticated attacker on a neighboring network to access the product and execute...

Multiple TP-LINK Products Operating System Command Injection Vulnerability

The TP-LINK Archer AX3000 is a wireless router from China P&L TP-LINK. An operating system command injection vulnerability exists in multiple TP-LINK products that originates from allowing an authenticated attacker on a neighboring network to execute arbitrary operating system commands and affect...

Heights Telecom ERO1xS-Pro 命令注入漏洞

Heights Telecom ERO1xS-Pro is a Dual-Band WiFi6 AX5400 MESH Extender from Heights Telecom. A security vulnerability exists in Heights Telecom ERO1xS-Pro Dual-Band FW BZERO1XP.025 version, which stems from the presence of a command injection vulnerability...

CVE-2021-41435

CVE-2021-41435 affects a broad set of ASUS router models and TUF/ZenWiFi devices. The flaw is a brute-force protection bypass in the CAPTCHA protection that allows a remote attacker to perform an arbitrary number of login attempts by sending a specific HTTP request. Affected versions are before 3...