CVE-2023-31188

Summary

Multiple TP-LINK products allow a network-adjacent authenticated attacker to execute arbitrary OS commands. Affected products/versions are as follows: Archer C50 firmware versions prior to 'Archer C50(JP)_V3_230505', Archer C55 firmware versions prior to 'Archer C55(JP)_V1_230506', and Archer C20 firmware versions prior to 'Archer C20(JP)_V1_230616'.

Affected Software

VendorProductVersion RangeStatus
TP-LINKArcher C50firmware versions prior to 'Archer C50(JP)_V3_230505'affected
TP-LINKArcher C55firmware versions prior to 'Archer C55(JP)_V1_230506'affected
TP-LINKArcher C20firmware versions prior to 'Archer C20(JP)_V1_230616'affected

Weaknesses

  • OS command injection

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References