Saifeldeen Aziz

**Name of the Vulnerable Software and Affected Versions** TP-Link Archer NX200 TP-Link Archer NX210 TP-Link Archer NX500 TP-Link Archer NX600 **Description** A flaw exists in the HTTP server of the affected devices due to a missing authentication check when accessing specific CGI endpoints. This allows attackers to perform actions intended for authenticated users without proper authorization. These actions include firmware upload and configuration operations. The vulnerable CGI endpoints allow unauthenticated access to privileged HTTP functions. **Recommendations** Apply the latest firmware updates available from TP-Link for the Archer NX200. Apply the latest firmware updates available from TP-Link for the Archer NX210. Apply the latest firmware updates available from TP-Link for the Archer NX500. Apply the latest firmware updates available from TP-Link for the Archer NX600.

**Name of the Vulnerable Software and Affected Versions** TP-Link Archer NX200 TP-Link Archer NX210 TP-Link Archer NX500 TP-Link Archer NX600 **Description** A flaw exists in the handling of input within an administrative command-line interface (CLI) used for wireless control. This allows a specially crafted input to be executed as part of an operating system command. An attacker who is already authenticated and possesses administrative privileges can execute arbitrary commands on the system, potentially compromising the confidentiality, integrity, and availability of the device. The vulnerable component is a wireless-control administrative CLI command. The input is manipulated to be executed as part of an operating system command. The vulnerable parameters or variables are not specified. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TP-Link Archer NX200 TP-Link Archer NX210 TP-Link Archer NX500 TP-Link Archer NX600 **Description** A flaw exists in how input is handled within an administrative command-line interface (CLI) used for modem management. This allows a specially crafted input to be executed as part of an operating system command. An attacker who is already authenticated and has administrative privileges can execute arbitrary commands on the system, potentially compromising the confidentiality, integrity, and availability of the device. The vulnerable component is a modem-management administrative CLI command. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TP-Link Archer NX200 TP-Link Archer NX210 TP-Link Archer NX500 TP-Link Archer NX600 **Description** A cryptographic key that is hardcoded into the configuration mechanism allows decryption and re-encryption of device configuration data. An authenticated attacker can decrypt configuration files, modify them, and re-encrypt them, which impacts the confidentiality and integrity of the device configuration data. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.