Published:2024/06/27  Last Updated:2024/06/27

JVNVU#99784493
Multiple TP-Link products vulnerable to OS command injection

Overview

Multiple products provided by TP-LINK contain an OS command injection vulnerability.

Products Affected

  • Archer AX3000 firmware versions prior to "Archer AX3000(JP)_V1_1.1.3 Build 20240415"
  • Archer AXE75 firmware versions prior to "Archer AXE75(JP)_V1_1.2.0 Build 20240320"
  • Archer AX5400 firmware versions prior to "Archer AX5400(JP)_V1_1.1.4 Build 20240429"
  • Archer Air R5 firmware versions prior to "Archer Air R5(JP)_V1_1.1.6 Build 20240508"
  • Archer AXE5400 firmware versions prior to "Archer AXE5400(JP)_V1_1.0.3 Build 20240319"

Description

Multiple products provided by TP-LINK contains an OS command injection vulnerability (CWE-78) related to the backup/restore function.

Impact

A user who logs in to the affected device may execute an arbitrary OS command by restoring a crafted backup file.
The affected device, with the initial configuration, allows login only from the LAN port or Wi-Fi.

Solution

Update the Firmware
Update the firmware to the latest version according to the information provided by the developer.

References

JPCERT/CC Addendum

Vulnerability Analysis by JPCERT/CC

CVSS v3 CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Base Score: 6.8
Attack Vector(AV) Physical (P) Local (L) Adjacent (A) Network (N)
Attack Complexity(AC) High (H) Low (L)
Privileges Required(PR) High (H) Low (L) None (N)
User Interaction(UI) Required (R) None (N)
Scope(S) Unchanged (U) Changed (C)
Confidentiality Impact(C) None (N) Low (L) High (H)
Integrity Impact(I) None (N) Low (L) High (H)
Availability Impact(A) None (N) Low (L) High (H)

Credit

Chuya Hayakawa of 00One, Inc. reported this vulnerability to JPCERT/CC.
JPCERT/CC coordinated with the developer.

Other Information

JPCERT Alert
JPCERT Reports
CERT Advisory
CPNI Advisory
TRnotes
CVE CVE-2024-38471
JVN iPedia