Published:2023/08/21 Last Updated:2023/08/21
JVNVU#99392903
Multiple vulnerabilities in TP-Link products
Overview
Multiple products provided by TP-LINK contain multiple vulnerabilities.
Products Affected
CVE-2023-31188、CVE-2023-32619
- Archer C50 firmware versions prior to "Archer C50(JP)_V3_230505"
- Archer C55 firmware versions prior to "Archer C55(JP)_V1_230506"
- TL-WR802N firmware versions prior to "TL-WR802N(JP)_V4_221008"
- TL-WR841N firmware versions prior to "TL-WR841N(JP)_V14_230506"
- TL-WR902AC firmware versions prior to "TL-WR902AC(JP)_V3_230506"
- Archer C20 firmware versions prior to "Archer C20(JP)_V1_230616"
- Archer C1200 firmware versions prior to "Archer C1200(JP)_V2_230508"
- Archer C9 firmware versions prior to "Archer C9(JP)_V3_230508"
- Archer A10 firmware versions prior to "Archer A10(JP)_V2_230504"
- Archer C3150 firmware versions prior to "Archer C3150(JP)_V2_230511"
- Archer C5 firmware all versions
- Archer C7 firmware versions prior to "Archer C7(JP)_V2_230602"
- Archer C5400 firmware versions prior to "Archer C5400(JP)_V2_230506"
- TL-WR940N firmware versions prior to "TL-WR940N(JP)_V6_201103"
- Deco M4 firmware versions prior to "Deco M4(JP)_V2_1.5.8 Build 20230619"
- Archer AX50 firmware versions prior to "Archer AX50(JP)_V1_230529"
- Archer A10 firmware versions prior to "Archer A10(JP)_V2_230504"
- Archer AX10 firmware versions prior to "Archer AX10(JP)_V1.2_230508"
- Archer AX11000 firmware versions prior to "Archer AX11000(JP)_V1_230523"
- Archer AX6000 firmware versions prior to "Archer AX6000(JP)_V1_1.3.0 Build 20221208"
Description
Multiple products provided by TP-LINK contain multiple vulnerabilities listed below.
- OS command injection (CWE-78) - CVE-2023-31188
CVSS v3 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Base Score: 8.0 - Use of hard-coded credentials (CWE-798) - CVE-2023-32619
CVSS v3 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Base Score: 8.8 - OS command injection (CWE-78) - CVE-2023-36489
CVSS v3 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Base Score: 8.8 - Improper authentication (CWE-287) - CVE-2023-37284
CVSS v3 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Base Score: 8.8 - OS command injection (CWE-78) - CVE-2023-38563
CVSS v3 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Base Score: 8.8 - OS command injection (CWE-78) - CVE-2023-38568
CVSS v3 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Base Score: 8.8 - OS command injection (CWE-78) - CVE-2023-38588
CVSS v3 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Base Score: 8.0 - OS command injection (CWE-78) - CVE-2023-39224
CVSS v3 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Base Score: 8.0 - OS command injection (CWE-78) - CVE-2023-39935
CVSS v3 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Base Score: 8.0 - Stack-based buffer overflow (CWE-121) - CVE-2022-24355
CVSS v3 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Base Score: 8.8 - OS command injection (CWE-78) - CVE-2023-40193
CVSS v3 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Base Score: 8.0 - OS command injection (CWE-78) - CVE-2023-40357
CVSS v3 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Base Score: 8.0 - OS command injection (CWE-78) - CVE-2023-40531
CVSS v3 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Base Score: 8.0
Impact
The following attacks may be performed from the adjacent network:
- An arbitrary OS command may be executed by a logged-in user - CVE-2023-31188
- Hard-coded credentials may be used to login to the affected device, and an arbitrary OS command may be executed - CVE-2023-32619
- An arbitrary OS command may be executed via a crafted request to bypass authentication - CVE-2023-37284
- An arbitrary OS command may be executed - CVE-2023-36489, CVE-2023-38563, CVE-2023-38568
- A logged-in user may execute an arbitrary OS command - CVE-2023-38588, CVE-2023-39224, CVE-2023-39935, CVE-2023-40193, CVE-2023-40357, CVE-2023-40531
- An arbitrary code may be executed via a crafted request - CVE-2022-24355
Solution
Update the Firmware
For products other than Archer C5, update the firmware to the latest version according to the information provided by the developer.
According to the developer, support for the Archer C5 has already ended, so there are no plans to provide an update.
Vendor Status
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
Credit
Chuya Hayakawa of 00One, Inc. reported these vulnerabilities to JPCERT/CC.
JPCERT/CC coordinated with the developer.
Other Information
| JPCERT Alert |
|
| JPCERT Reports |
|
| CERT Advisory |
|
| CPNI Advisory |
|
| TRnotes |
|
| CVE |
CVE-2023-31188 |
|
CVE-2023-32619 |
|
|
CVE-2023-36489 |
|
|
CVE-2023-37284 |
|
|
CVE-2023-38563 |
|
|
CVE-2023-38568 |
|
|
CVE-2023-38588 |
|
|
CVE-2023-39224 |
|
|
CVE-2023-39935 |
|
|
CVE-2023-40193 |
|
|
CVE-2023-40357 |
|
|
CVE-2023-40531 |
|
| JVN iPedia |
|