CVE-2024-21821

Summary

Multiple TP-LINK products allow a network-adjacent authenticated attacker with access to the product from the LAN port or Wi-Fi to execute arbitrary OS commands.

Affected Software

VendorProductVersion RangeStatus
TP-LinkArcher AX3000firmware versions prior to "Archer AX3000(JP)_V1_1.1.2 Build 20231115"affected
TP-LinkArcher AX5400firmware versions prior to "Archer AX5400(JP)_V1_1.1.2 Build 20231115"affected
TP-LinkArcher AXE75firmware versions prior to "Archer AXE75(JP)_V1_231115"affected
TP-LinkArcher Air R5firmware versions prior to "Archer Air R5(JP)_V1_1.1.6 Build 20240508"affected

Weaknesses

  • OS command injection

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References