THREATINT
PUBLISHED

CVE-2024-38471



Assigner: jpcert
Reserved: 2024-06-17
Published: 2024-07-04
Updated: 2024-08-02

Description

Multiple TP-LINK products allow a network-adjacent attacker with an administrative privilege to execute arbitrary OS commands by restoring a crafted backup file. The affected device, with the initial configuration, allows login only from the LAN port or Wi-Fi.

Problem types

OS command injection

Product status

firmware versions prior to "Archer AX3000(JP)_V1_1.1.3 Build 20240415": affected

firmware versions prior to "Archer AXE75(JP)_V1_1.2.0 Build 20240320": affected

firmware versions prior to "Archer AX5400(JP)_V1_1.1.4 Build 20240429": affected

firmware versions prior to "Archer Air R5(JP)_V1_1.1.6 Build 20240508": affected

firmware versions prior to "Archer AXE5400(JP)_V1_1.0.3 Build 20240319": affected

References

https://www.tp-link.com/jp/support/download/

https://www.tp-link.com/jp/support/download/archer-ax3000/#Firmware

https://www.tp-link.com/jp/support/download/archer-axe75/#Firmware

https://www.tp-link.com/jp/support/download/archer-ax5400/#Firmware

https://www.tp-link.com/jp/support/download/archer-air-r5/v1/#Firmware

https://www.tp-link.com/jp/support/download/archer-axe5400/#Firmware

https://jvn.jp/en/vu/JVNVU99784493/

cve.org CVE-2024-38471

nvd.nist.gov CVE-2024-38471
