CVE-2024-21833
published 2024-01-11

Priority: P182 | high | 8.8 (CVSS 3.1)
AV:A / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
ITW: VulnCheck KEV
Exploited in the wild
EPSS: 1.07% (60.7th percentile)

Multiple TP-LINK products allow a network-adjacent unauthenticated attacker with access to the product to execute arbitrary OS commands. The affected device, with the initial configuration, allows login only from the LAN port or Wi-Fi.

Affected

10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| tp-link | archer_ax3000 | | |
| tp-link | archer_ax3000_firmware | < 1.1.2 | 1.1.2 |
| tp-link | archer_ax5400 | | |
| tp-link | archer_ax5400_firmware | < 1.1.2 | 1.1.2 |
| tp-link | archer_axe75 | | |
| tp-link | archer_axe75_firmware | < 1.1.9 | 1.1.9 |
| tp-link | deco_x50 | | |
| tp-link | deco_x50_firmware | < 1.4.1 | 1.4.1 |
| tp-link | deco_xe200 | | |
| tp-link | deco_xe200_firmware | < 1.2.5 | 1.2.5 |

CVSS provenance

nvd: v3.1, 8.8 HIGH, CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
vulncheck: 8.8 HIGH
vendor_oracle: 4.3 MEDIUM