CVE-2023-39224
https://notcve.org/view.php?id=CVE-2023-39224
Archer C5 firmware all versions and Archer C7 firmware versions prior to 'Archer C7(JP)_V2_230602' allow a network-adjacent authenticated attacker to execute arbitrary OS commands. Note that Archer C5 is no longer supported, therefore the update for this product is not provided. Todas las versiones del firmware Archer C5 y las versiones del firmware Archer C7 anteriores a 'Archer C7(JP)_V2_230602' permiten que un atacante autenticado adyacente a la red ejecute comandos arbitrarios del sistema operativo. Tenga en cuenta que Archer C5 ya no está soportado, por lo tanto, no se proporciona la actualización para este producto. • https://jvn.jp/en/vu/JVNVU99392903 https://www.tp-link.com/jp/support/download/archer-c7/v2/#Firmware • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2023-2646 – TP-Link Archer C7v2 GET Request Parameter denial of service
https://notcve.org/view.php?id=CVE-2023-2646
A vulnerability has been found in TP-Link Archer C7v2 v2_en_us_180114 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component GET Request Parameter Handler. The manipulation leads to denial of service. The attack can only be done within the local network. The associated identifier of this vulnerability is VDB-228775. • https://vuldb.com/?ctiid.228775 https://vuldb.com/?id.228775 • CWE-404: Improper Resource Shutdown or Release •