Published:2024/06/27  Last Updated:2024/06/27

JVNVU#99784493
Multiple TP-Link products vulnerable to OS command injection

Overview

Multiple products provided by TP-LINK contain an OS command injection vulnerability.

Products Affected

  • Archer AX3000 firmware versions prior to "Archer AX3000(JP)_V1_1.1.3 Build 20240415"
  • Archer AXE75 firmware versions prior to "Archer AXE75(JP)_V1_1.2.0 Build 20240320"
  • Archer AX5400 firmware versions prior to "Archer AX5400(JP)_V1_1.1.4 Build 20240429"
  • Archer Air R5 firmware versions prior to "Archer Air R5(JP)_V1_1.1.6 Build 20240508"
  • Archer AXE5400 firmware versions prior to "Archer AXE5400(JP)_V1_1.0.3 Build 20240319"

Description

Multiple products provided by TP-LINK contains an OS command injection vulnerability (CWE-78) related to the backup/restore function.

Impact

A user who logs in to the affected device may execute an arbitrary OS command by restoring a crafted backup file.
The affected device, with the initial configuration, allows login only from the LAN port or Wi-Fi.

Solution

Update the Firmware
Update the firmware to the latest version according to the information provided by the developer.

References

JPCERT/CC Addendum

Vulnerability Analysis by JPCERT/CC

CVSS v3 CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Base Score: 6.8

Credit

Chuya Hayakawa of 00One, Inc. reported this vulnerability to JPCERT/CC.
JPCERT/CC coordinated with the developer.

Other Information

JPCERT Alert
JPCERT Reports
CERT Advisory
CPNI Advisory
TRnotes
CVE CVE-2024-38471
JVN iPedia