CVSS: 8.8EPSS: 0%CPEs: 10EXPL: 0CVE-2024-21833
https://notcve.org/view.php?id=CVE-2024-21833
10 Jan 2024 — Multiple TP-LINK products allow a network-adjacent unauthenticated attacker with access to the product to execute arbitrary OS commands. The affected device, with the initial configuration, allows login only from the LAN port or Wi-Fi. Múltiples productos TP-LINK permiten que un atacante no autenticado adyacente a la red con acceso al producto ejecute comandos arbitrarios del sistema operativo. Los productos/versiones afectados son los siguientes: Versiones de firmware de Archer AX3000 anteriores a "Archer ... • https://jvn.jp/en/vu/JVNVU91401812 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.8EPSS: 0%CPEs: 8EXPL: 0CVE-2024-21773
https://notcve.org/view.php?id=CVE-2024-21773
10 Jan 2024 — Multiple TP-LINK products allow a network-adjacent unauthenticated attacker with access to the product from the LAN port or Wi-Fi to execute arbitrary OS commands on the product that has pre-specified target devices and blocked URLs in parental control settings. Múltiples productos TP-LINK permiten que un atacante no autenticado adyacente a la red con acceso al producto ejecute comandos arbitrarios del sistema operativo. Los productos/versiones afectados son los siguientes: Versiones de firmware Archer AX30... • https://jvn.jp/en/vu/JVNVU91401812 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •