PT-2023-25591 · Tp Link · Tl-Wr841N+2
Published
2023-09-06
·
Updated
2023-09-11
·
CVE-2023-36489
CVSS v3.1
8.8
High
| Vector | AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
TL-WR802N versions prior to TL-WR802N(JP) V4 221008
TL-WR841N versions prior to TL-WR841N(JP) V14 230506
TL-WR902AC versions prior to TL-WR902AC(JP) V3 230506
Description
Multiple TP-LINK products allow a network-adjacent unauthenticated attacker to execute arbitrary OS commands.
Recommendations
For TL-WR802N versions prior to TL-WR802N(JP) V4 221008, update to TL-WR802N(JP) V4 221008 or later.
For TL-WR841N versions prior to TL-WR841N(JP) V14 230506, update to TL-WR841N(JP) V14 230506 or later.
For TL-WR902AC versions prior to TL-WR902AC(JP) V3 230506, update to TL-WR902AC(JP) V3 230506 or later.
Fix
OS Command Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Tl-Wr802N
Tl-Wr841N
Tl-Wr902Ac