Multiple TP-LINK products allow a network-adjacent authenticated attacker to execute arbitrary OS commands. Affected products/versions are as follows: Archer AX50 firmware versions prior to ‘Archer AX50(JP)_V1_230529’, Archer A10 firmware versions prior to ‘Archer A10(JP)_V2_230504’, Archer AX10 firmware versions prior to ‘Archer AX10(JP)_V1.2_230508’, and Archer AX11000 firmware versions prior to ‘Archer AX11000(JP)_V1_230523’.
[
{
"cpes": [
"cpe:2.3:o:tp-link:archer_ax50_firmware:-:*:*:*:*:*:*:*"
],
"vendor": "tp-link",
"product": "archer_ax50_firmware",
"versions": [
{
"status": "affected",
"version": "0",
"lessThan": "230529",
"versionType": "custom"
}
],
"defaultStatus": "unknown"
},
{
"cpes": [
"cpe:2.3:o:tp-link:archer_a10_firmware:-:*:*:*:*:*:*:*"
],
"vendor": "tp-link",
"product": "archer_a10_firmware",
"versions": [
{
"status": "affected",
"version": "0",
"versionType": "custom",
"lessThanOrEqual": "230504"
}
],
"defaultStatus": "unknown"
},
{
"cpes": [
"cpe:2.3:o:tp-link:archer_ax10_firmware:-:*:*:*:*:*:*:*"
],
"vendor": "tp-link",
"product": "archer_ax10_firmware",
"versions": [
{
"status": "affected",
"version": "0",
"lessThan": "230508",
"versionType": "custom"
}
],
"defaultStatus": "unknown"
},
{
"cpes": [
"cpe:2.3:o:tp-link:archer_ax11000_firmware:-:*:*:*:*:*:*:*"
],
"vendor": "tp-link",
"product": "archer_ax11000_firmware",
"versions": [
{
"status": "affected",
"version": "0",
"lessThan": "230523",
"versionType": "custom"
}
],
"defaultStatus": "unknown"
}
]