PT-2023-5597 · TP-Link · Archer AX50 +2

Published: 2023-09-06 · Updated: 2024-09-27 · CVE-2023-40357

CVSS v3.1: 8.0 (High)

Vector: AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Archer AX50 versions prior to Archer AX50(JP) V1 230529
Archer A10 versions prior to Archer A10(JP) V2 230504
Archer AX10 versions prior to Archer AX10(JP) V1.2 230508
Archer AX11000 versions prior to Archer AX11000(JP) V1 230523

Description

Multiple TP-LINK products allow a network-adjacent authenticated attacker to execute arbitrary OS commands. The issue exists due to the lack of measures to neutralize special elements used in an operating system command. Exploitation of the issue may allow a remote attacker to execute arbitrary commands in the operating system.

Recommendations

For Archer AX50 versions prior to Archer AX50(JP) V1 230529, update the firmware to Archer AX50(JP) V1 230529 or later.
For Archer A10 versions prior to Archer A10(JP) V2 230504, update the firmware to Archer A10(JP) V2 230504 or later.
For Archer AX10 versions prior to Archer AX10(JP) V1.2 230508, update the firmware to Archer AX10(JP) V1.2 230508 or later.
For Archer AX11000 versions prior to Archer AX11000(JP) V1 230523, update the firmware to Archer AX11000(JP) V1 230523 or later.

Fix

Memory Corruption

OS Command Injection

Weakness Enumeration

Related Identifiers

BDU:2023-06252
CVE-2023-40357

Affected Products

Archer A10
Archer AX11000
Archer AX50