CVE-2023-36489

Severity Score

8.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track*

*SSVC

Descriptions

Multiple TP-LINK products allow a network-adjacent unauthenticated attacker to execute arbitrary OS commands. Affected products/versions are as follows: TL-WR802N firmware versions prior to 'TL-WR802N(JP)_V4_221008', TL-WR841N firmware versions prior to 'TL-WR841N(JP)_V14_230506', and TL-WR902AC firmware versions prior to 'TL-WR902AC(JP)_V3_230506'.

Múltiples productos TP-LINK permiten que un atacante no autenticado adyacente a la red ejecute comandos arbitrarios del sistema operativo. Los productos/versiones afectados son los siguientes: versiones de firmware del TL-WR802N anteriores a 'TL-WR802N(JP)_V4_221008', versiones de firmware del TL-WR841N anteriores a 'TL-WR841N(JP)_V14_230506' y versiones de firmware del TL-WR902AC anteriores a 'TL-WR902AC(JP)_V3_230506'.

*Credits: N/A

CVSS Scores

NISTv3.1 8.8

Attack Vector

Adjacent

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:Track*

Exploitation

None

Automatable

Tech. Impact

Total

* Organization's Worst-case Scenario

Timeline

2023-08-15 CVE Reserved
2023-09-06 CVE Published
2024-09-26 CVE Updated
2024-11-15 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CAPEC

References (4)

URL	Tag	Source
https://jvn.jp/en/vu/JVNVU99392903	Third Party Advisory
https://www.tp-link.com/jp/support/download/tl-wr802n/#Firmware	Product
https://www.tp-link.com/jp/support/download/tl-wr841n/v14/#Firmware	Product
https://www.tp-link.com/jp/support/download/tl-wr902ac/#Firmware	Product

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Tp-link Search vendor "Tp-link"	Tl-wr902ac Firmware Search vendor "Tp-link" for product "Tl-wr902ac Firmware"	< 230506 Search vendor "Tp-link" for product "Tl-wr902ac Firmware" and version " < 230506"	-	Affected	in	Tp-link Search vendor "Tp-link"	Tl-wr902ac Search vendor "Tp-link" for product "Tl-wr902ac"	-	-	Safe
Tp-link Search vendor "Tp-link"	Tl-wr802n Firmware Search vendor "Tp-link" for product "Tl-wr802n Firmware"	< 221008 Search vendor "Tp-link" for product "Tl-wr802n Firmware" and version " < 221008"	-	Affected	in	Tp-link Search vendor "Tp-link"	Tl-wr802n Search vendor "Tp-link" for product "Tl-wr802n"	-	-	Safe
Tp-link Search vendor "Tp-link"	Tl-wr841n Firmware Search vendor "Tp-link" for product "Tl-wr841n Firmware"	< 230506 Search vendor "Tp-link" for product "Tl-wr841n Firmware" and version " < 230506"	-	Affected	in	Tp-link Search vendor "Tp-link"	Tl-wr841n Search vendor "Tp-link" for product "Tl-wr841n"	-	-	Safe