PT-2023-5043 · TP-Link · Archer C20 +2

Published 2023-05-25 · Updated 2024-09-27 · CVE-2023-31188

CVSS v3.1: 8.0 High

Vector: AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Archer C50 versions prior to Archer C50(JP) V3 230505
Archer C55 versions prior to Archer C55(JP) V1 230506
Archer C20 versions prior to Archer C20(JP) V1 230616

Description

Multiple TP-LINK products allow a network-adjacent authenticated attacker to execute arbitrary OS commands. The issue is caused by a failure to neutralize special elements used in an OS command. Exploitation of the issue may allow a remote attacker to execute arbitrary commands.

Recommendations

For Archer C50 versions prior to Archer C50(JP) V3 230505, update to a version that includes the fix.
For Archer C55 versions prior to Archer C55(JP) V1 230506, update to a version that includes the fix.
For Archer C20 versions prior to Archer C20(JP) V1 230616, update to a version that includes the fix.

As a temporary workaround, consider disabling any features that allow execution of OS commands until a patch is available.

Fix

OS Command Injection

Weakness Enumeration

Related Identifiers

BDU:2023-05587
CVE-2023-31188

Affected Products

Archer C20
Archer C50
Archer C55