CVE-2023-37284
https://notcve.org/view.php?id=CVE-2023-37284
Improper authentication vulnerability in Archer C20 firmware versions prior to 'Archer C20(JP)_V1_230616' allows a network-adjacent unauthenticated attacker to execute an arbitrary OS command via a crafted request to bypass authentication. • https://jvn.jp/en/vu/JVNVU99392903 https://www.tp-link.com/jp/support/download/archer-c20/v1/#Firmware • CWE-287: Improper Authentication
CVE-2023-30383
https://notcve.org/view.php?id=CVE-2023-30383
TP-LINK Archer C50v2 Archer C50(US)_V2_160801, TP-LINK Archer C20v1 Archer_C20_V1_150707, and TP-LINK Archer C2v1 Archer_C2_US__V1_170228 were discovered to contain a buffer overflow which may lead to a Denial of Service (DoS) when parsing crafted data. • http://tplink.com https://gist.github.com/a2ure123/a4eda2813d85d8b414bb87e855ab4bf8 https://www.tp-link.com/us/support/download/archer-c2/v1/#Firmware https://www.tp-link.com/us/support/download/archer-c50/v2/#Firmware • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')