cbcvebase.

Tp-Link Archer Ax21 Firmware vulnerabilities

6 known vulnerabilities affecting tp-link/archer_ax21_firmware.

Total CVEs
6
CISA KEV
1
actively exploited
Public exploits
1
Exploited in wild
1
Severity breakdown
CRITICAL1HIGH4MEDIUM1

Vulnerabilities

Page 1 of 1
CVE-2023-1389P1HIGHCVSS 8.8KEVPoCfixed in 1.1.42023-03-15
CVE-2023-1389 [HIGH] CWE-77 CVE-2023-1389: TP-Link Archer AX21 (AX1800) firmware versions before 1.1.4 Build 20230219 contained a command injec TP-Link Archer AX21 (AX1800) firmware versions before 1.1.4 Build 20230219 contained a command injection vulnerability in the country form of the /cgi-bin/luci;stok=/locale endpoint on the web management interface. Specifically, the country parameter of the write operation was not sanitized before being used in a call to popen(), allowing an unauthentica
nvd
CVE-2023-27346P2HIGHCVSS 8.8v1.1.12024-05-03
CVE-2023-27346 [HIGH] CWE-121 CVE-2023-27346: TP-Link AX1800 Firmware Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. Thi TP-Link AX1800 Firmware Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link AX1800 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of firmware image
nvd
CVE-2023-27332P2HIGHCVSS 8.8v1.1.32024-05-03
CVE-2023-27332 [HIGH] CWE-121 CVE-2023-27332: TP-Link Archer AX21 tdpServer Logging Stack-based Buffer Overflow Remote Code Execution Vulnerabilit TP-Link Archer AX21 tdpServer Logging Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Archer AX21 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the logging functi
nvd
CVE-2023-27359P2HIGHCVSS 8.1v1.1.12024-05-03
CVE-2023-27359 [HIGH] CWE-362 CVE-2023-27359: TP-Link AX1800 hotplugd Firewall Rule Race Condition Vulnerability. This vulnerability allows remote TP-Link AX1800 hotplugd Firewall Rule Race Condition Vulnerability. This vulnerability allows remote attackers to gain access to LAN-side services on affected installations of TP-Link Archer AX21 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the hotplugd daemon. The issue results from firewall
nvd
CVE-2023-31710P3CRITICALCVSS 9.8v3.6_1.1.4v3_1.1.42023-08-01
CVE-2023-31710 [CRITICAL] CWE-787 CVE-2023-31710: TP-Link Archer AX21(US)_V3_1.1.4 Build 20230219 and AX21(US)_V3.6_1.1.4 Build 20230219 are vulnerabl TP-Link Archer AX21(US)_V3_1.1.4 Build 20230219 and AX21(US)_V3.6_1.1.4 Build 20230219 are vulnerable to Buffer Overflow.
nvd
CVE-2023-27333P3MEDIUMCVSS 6.8v1.1.32024-05-03
CVE-2023-27333 [MEDIUM] CWE-121 CVE-2023-27333: TP-Link Archer AX21 tmpServer Command 0x422 Stack-based Buffer Overflow Remote Code Execution Vulner TP-Link Archer AX21 tmpServer Command 0x422 Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Archer AX21 routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling o
nvd
Tp-Link Archer Ax21 Firmware vulnerabilities | cvebase