CVE-2024-21833
EUVD-2024-1944511.01.2024, 00:15
Multiple TP-LINK products allow a network-adjacent unauthenticated attacker with access to the product to execute arbitrary OS commands. The affected device, with the initial configuration, allows login only from the LAN port or Wi-Fi.
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| tp-link | archer_ax3000_firmware | 𝑥 < 1.1.2 |
| tp-link | archer_ax5400_firmware | 𝑥 < 1.1.2 |
| tp-link | deco_x50_firmware | 𝑥 < 1.4.1 |
| tp-link | deco_xe200_firmware | 𝑥 < 1.2.5 |
| tp-link | archer_axe75_firmware | 𝑥 < 1.1.9 |
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
| Vendor | Product | Version | Source |
|---|---|---|---|
| tp-link | archer_ax3000 | 1.0 ≤ 𝑥 < ax3000(jp)_v1_1.1.2_build 20231115" | ADP |
| tp-link | archer_ax5400 | 𝑥 < ax5400(jp)_v1_1.1.2_build_20231115 | ADP |
| tp-link | archer_axe75 | 𝑥 < axe75(jp)_ v1_231115 | ADP |
| tp-link | deco_x50 | 𝑥 < deco_x50(jp)_V1_1.4.1_build 20231122" | ADP |
| tp-link | deco_xe200 | 𝑥 < deco_xe200(jp)_v1_1.2.5_build 20231120" | ADP |
References