CVE-2023-40357
published 2023-09-06

Priority: P347
CVSS 3.1: 8 (high), vector AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.42% (33.5th percentile)
Multiple TP-LINK products allow a network-adjacent authenticated attacker to execute arbitrary OS commands. Affected products/versions are as follows: Archer AX50 firmware versions prior to 'Archer AX50(JP)_V1_230529', Archer A10 firmware versions prior to 'Archer A10(JP)_V2_230504', Archer AX10 firmware versions prior to 'Archer AX10(JP)_V1.2_230508', and Archer AX11000 firmware versions prior to 'Archer AX11000(JP)_V1_230523'.

Affected

8 ranges

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| tp-link | archer_a10 | | |
| tp-link | archer_a10_firmware | <= 230504 | |
| tp-link | archer_ax10 | | |
| tp-link | archer_ax10_firmware | < 230508 | 230508 |
| tp-link | archer_ax11000 | | |
| tp-link | archer_ax11000_firmware | < 230523 | 230523 |
| tp-link | archer_ax50 | | |
| tp-link | archer_ax50_firmware | < 230529 | 230529 |