CVE-2023-38588
https://notcve.org/view.php?id=CVE-2023-38588
Archer C3150 firmware versions prior to 'Archer C3150(JP)_V2_230511' allow a network-adjacent authenticated attacker to execute arbitrary OS commands. • https://jvn.jp/en/vu/JVNVU99392903 https://www.tp-link.com/jp/support/download/archer-c3150/#Firmware • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-39224
https://notcve.org/view.php?id=CVE-2023-39224
Archer C5 firmware all versions and Archer C7 firmware versions prior to 'Archer C7(JP)_V2_230602' allow a network-adjacent authenticated attacker to execute arbitrary OS commands. Note that Archer C5 is no longer supported, therefore the update for this product is not provided. • https://jvn.jp/en/vu/JVNVU99392903 https://www.tp-link.com/jp/support/download/archer-c7/v2/#Firmware • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-39935
https://notcve.org/view.php?id=CVE-2023-39935
Archer C5400 firmware versions prior to 'Archer C5400(JP)_V2_230506' allow a network-adjacent authenticated attacker to execute arbitrary OS commands. • https://jvn.jp/en/vu/JVNVU99392903 https://www.tp-link.com/jp/support/download/archer-c5400/#Firmware • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-40193
https://notcve.org/view.php?id=CVE-2023-40193
Deco M4 firmware versions prior to 'Deco M4(JP)_V2_1.5.8 Build 20230619' allow a network-adjacent authenticated attacker to execute arbitrary OS commands. • https://jvn.jp/en/vu/JVNVU99392903 https://www.tp-link.com/jp/support/download/deco-m4/v2/#Firmware • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-40357
https://notcve.org/view.php?id=CVE-2023-40357
Multiple TP-LINK products allow a network-adjacent authenticated attacker to execute arbitrary OS commands. Affected products/versions are as follows: Archer AX50 firmware versions prior to 'Archer AX50(JP)_V1_230529', Archer A10 firmware versions prior to 'Archer A10(JP)_V2_230504', Archer AX10 firmware versions prior to 'Archer AX10(JP)_V1.2_230508', and Archer AX11000 firmware versions prior to 'Archer AX11000(JP)_V1_230523'. • https://jvn.jp/en/vu/JVNVU99392903 https://www.tp-link.com/jp/support/download/archer-a10/#Firmware https://www.tp-link.com/jp/support/download/archer-ax10/#Firmware https://www.tp-link.com/jp/support/download/archer-ax11000/#Firmware https://www.tp-link.com/jp/support/download/archer-ax50/#Firmware • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')