CVE-2024-21773
published 2024-01-11

CVE-2024-21773: Multiple TP-LINK products allow a network-adjacent unauthenticated attacker with access to the product from the LAN port or Wi-Fi to execute arbitrary OS…

Priority P356 · high · 8.8 (CVSS 3.1)
Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.53% (40.8th percentile)
Multiple TP-LINK products allow a network-adjacent unauthenticated attacker with access to the product from the LAN port or Wi-Fi to execute arbitrary OS commands on the product that has pre-specified target devices and blocked URLs in parental control settings.

Affected

9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| tp-link | archer_air_r5 | | |
| tp-link | archer_ax3000 | | |
| tp-link | archer_ax3000_firmware | < 1.1.2 | 1.1.2 |
| tp-link | archer_ax5400 | | |
| tp-link | archer_ax5400_firmware | < 1.1.2 | 1.1.2 |
| tp-link | deco_x50 | | |
| tp-link | deco_x50_firmware | < 1.4.1 | 1.4.1 |
| tp-link | deco_xe200 | | |
| tp-link | deco_xe200_firmware | < 1.2.5 | 1.2.5 |