PT-2024-2586 · TP-Link · TP-Link TD-W9970 +5

Muhammet Gedik · Published 2024-03-28 · Updated 2026-05-20 · CVE-2023-6437

CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

TP-Link EX20v AX1800 versions through 20240328
TP-Link Archer C5v AC1200 versions through 20240328
TP-Link TD-W9970 versions through 20240328
TP-Link TD-W9970v3 versions through 20240328
TP-Link VX220-G2u (affected versions not specified)
TP-Link VN020-G2u (affected versions not specified)

Description

The issue exists due to the lack of measures to neutralize special elements used in an operating system command, allowing for OS Command Injection. This can enable an attacker to execute arbitrary commands. The vulnerability affects various TP-Link Wi-Fi router models.

Recommendations

For TP-Link EX20v AX1800 versions through 20240328, update to a version released after 20240328.
For TP-Link Archer C5v AC1200 versions through 20240328, update to a version released after 20240328.
For TP-Link TD-W9970 versions through 20240328, update to a version released after 20240328.
For TP-Link TD-W9970v3 versions through 20240328, update to a version released after 20240328.
For TP-Link VX220-G2u and TP-Link VN020-G2u, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

OS Command Injection

Related Identifiers

BDU:2024-02646
CVE-2023-6437

Affected Products

TP-Link Archer C5v AC1200
TP-Link EX20v AX1800
TP-Link TD-W9970
TP-Link TD-W9970v3
TP-Link VN020-G2u
TP-Link VX220-G2u