CVE-2023-40357

Summary

Multiple TP-LINK products allow a network-adjacent authenticated attacker to execute arbitrary OS commands. Affected products/versions are as follows: Archer AX50 firmware versions prior to 'Archer AX50(JP)_V1_230529', Archer A10 firmware versions prior to 'Archer A10(JP)_V2_230504', Archer AX10 firmware versions prior to 'Archer AX10(JP)_V1.2_230508', and Archer AX11000 firmware versions prior to 'Archer AX11000(JP)_V1_230523'.

Affected Software

VendorProductVersion RangeStatus
TP-LINKArcher AX50firmware versions prior to 'Archer AX50(JP)_V1_230529'affected
TP-LINKArcher A10firmware versions prior to 'Archer A10(JP)_V2_230504'affected
TP-LINKArcher AX10firmware versions prior to 'Archer AX10(JP)_V1.2_230508'affected
TP-LINKArcher AX11000firmware versions prior to 'Archer AX11000(JP)_V1_230523'affected

Weaknesses

  • OS command injection

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References