CVE-2024-53375

CVSS v3.1

8.0

Vector

AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions TP-Link Archer Series routers TP-Link Deco Series routers TP-Link Tapo Series routers

Description An authenticated Remote Code Execution (RCE) issue affects TP-Link Archer, Deco, and Tapo series routers. The issue resides in the

tmp get sites

function within the HomeShield functionality. The issue is exploitable even without HomeShield being installed or activated. The vulnerability is due to a lack of request parameter validation. Exploitation may allow a remote attacker to execute arbitrary commands.

Recommendations TP-Link Archer Series routers: At the moment, there is no information about a newer version that contains a fix for this vulnerability. TP-Link Deco Series routers: At the moment, there is no information about a newer version that contains a fix for this vulnerability. TP-Link Tapo Series routers: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78

Related Identifiers

BDU:2024-10792

CVE-2024-53375

Affected Products

Tp-Link Archer Series

Tp-Link Deco Series

Tp-Link Tapo Series

CVE-2024-53375

Weakness Enumeration

Related Identifiers

Affected Products

References · 20