Published:2024/06/27 Last Updated:2024/06/27
JVNVU#99784493
Multiple TP-Link products vulnerable to OS command injection
Overview
Multiple products provided by TP-LINK contain an OS command injection vulnerability.
Products Affected
- Archer AX3000 firmware versions prior to "Archer AX3000(JP)_V1_1.1.3 Build 20240415"
- Archer AXE75 firmware versions prior to "Archer AXE75(JP)_V1_1.2.0 Build 20240320"
- Archer AX5400 firmware versions prior to "Archer AX5400(JP)_V1_1.1.4 Build 20240429"
- Archer Air R5 firmware versions prior to "Archer Air R5(JP)_V1_1.1.6 Build 20240508"
- Archer AXE5400 firmware versions prior to "Archer AXE5400(JP)_V1_1.0.3 Build 20240319"
Description
Multiple products provided by TP-LINK contains an OS command injection vulnerability (CWE-78) related to the backup/restore function.
Impact
A user who logs in to the affected device may execute an arbitrary OS command by restoring a crafted backup file.
The affected device, with the initial configuration, allows login only from the LAN port or Wi-Fi.
Solution
Update the Firmware
Update the firmware to the latest version according to the information provided by the developer.
Vendor Status
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
CVSS v3
CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Base Score:
6.8
| Attack Vector(AV) | Physical (P) | Local (L) | Adjacent (A) | Network (N) |
|---|---|---|---|---|
| Attack Complexity(AC) | High (H) | Low (L) | ||
| Privileges Required(PR) | High (H) | Low (L) | None (N) | |
| User Interaction(UI) | Required (R) | None (N) | ||
| Scope(S) | Unchanged (U) | Changed (C) | ||
| Confidentiality Impact(C) | None (N) | Low (L) | High (H) | |
| Integrity Impact(I) | None (N) | Low (L) | High (H) | |
| Availability Impact(A) | None (N) | Low (L) | High (H) |
Credit
Chuya Hayakawa of 00One, Inc. reported this vulnerability to JPCERT/CC.
JPCERT/CC coordinated with the developer.
Other Information
| JPCERT Alert |
|
| JPCERT Reports |
|
| CERT Advisory |
|
| CPNI Advisory |
|
| TRnotes |
|
| CVE |
CVE-2024-38471 |
| JVN iPedia |
|