PT-2023-26841 · Tp Link · Archer C7+1
Published
2023-09-06
·
Updated
2023-09-11
·
CVE-2023-39224
CVSS v3.1
8.0
High
| Vector | AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Archer C5 versions all
Archer C7 versions prior to Archer C7(JP) V2 230602
Description
The issue allows a network-adjacent authenticated attacker to execute arbitrary OS commands. Note that Archer C5 is no longer supported, and therefore, the update for this product is not provided.
Recommendations
For Archer C5, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
For Archer C7 versions prior to Archer C7(JP) V2 230602, update to Archer C7(JP) V2 230602 or later to resolve the issue.
OS Command Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Archer C5
Archer C7