Vulnerabilites related to tp-link - archer_ax50_firmware
Vulnerability from fkie_nvd
Published
2024-03-05 13:15
Modified
2025-03-04 14:22
Severity ?
6.1 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
Cross-Site Scripting (XSS) vulnerability stored in TP-Link Archer AX50 affecting firmware version 1.0.11 build 2022052. This vulnerability could allow an unauthenticated attacker to create a port mapping rule via a SOAP request and store a malicious JavaScript payload within that rule, which could result in an execution of the JavaScript payload when the rule is loaded.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tp-link | archer_ax50_firmware | 1.0.11 | |
| tp-link | archer_ax50 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:tp-link:archer_ax50_firmware:1.0.11:*:*:*:*:*:*:*", matchCriteriaId: "DCC1E3E0-5102-445B-8893-E51CD2B2351F", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:tp-link:archer_ax50:-:*:*:*:*:*:*:*", matchCriteriaId: "68C39CEB-FAC7-4EF7-A7DF-59EFB27F0B40", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cross-Site Scripting (XSS) vulnerability stored in TP-Link Archer AX50 affecting firmware version 1.0.11 build 2022052. This vulnerability could allow an unauthenticated attacker to create a port mapping rule via a SOAP request and store a malicious JavaScript payload within that rule, which could result in an execution of the JavaScript payload when the rule is loaded.", }, { lang: "es", value: "Vulnerabilidad de cross-site scripting (XSS) almacenada en TP-Link Archer AX50 que afecta la versión de firmware 1.0.11 compilación 2022052. Esta vulnerabilidad podría permitir a un atacante no autenticado crear una regla de mapeo de puertos a través de una solicitud SOAP y almacenar un payload de JavaScript malicioso dentro de esa regla, lo que podría resultar en una ejecución de payload de JavaScript cuando se carga la regla.", }, ], id: "CVE-2024-2188", lastModified: "2025-03-04T14:22:15.710", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.7, source: "cve-coordination@incibe.es", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-03-05T13:15:07.203", references: [ { source: "cve-coordination@incibe.es", tags: [ "Third Party Advisory", ], url: "https://www.incibe.es/en/incibe-cert/notices/aviso/cross-site-scripting-vulnerability-tp-link-archer-ax50", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.incibe.es/en/incibe-cert/notices/aviso/cross-site-scripting-vulnerability-tp-link-archer-ax50", }, ], sourceIdentifier: "cve-coordination@incibe.es", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "cve-coordination@incibe.es", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-09-06 10:15
Modified
2024-11-21 08:19
Severity ?
8.0 (High) - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.0 (High) - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.0 (High) - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Multiple TP-LINK products allow a network-adjacent authenticated attacker to execute arbitrary OS commands. Affected products/versions are as follows: Archer AX50 firmware versions prior to 'Archer AX50(JP)_V1_230529', Archer A10 firmware versions prior to 'Archer A10(JP)_V2_230504', Archer AX10 firmware versions prior to 'Archer AX10(JP)_V1.2_230508', and Archer AX11000 firmware versions prior to 'Archer AX11000(JP)_V1_230523'.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tp-link | archer_ax50_firmware | * | |
| tp-link | archer_ax50 | 1.0 | |
| tp-link | archer_a10_firmware | * | |
| tp-link | archer_a10 | - | |
| tp-link | archer_ax10_firmware | * | |
| tp-link | archer_ax10 | - | |
| tp-link | archer_ax11000_firmware | * | |
| tp-link | archer_ax11000 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:tp-link:archer_ax50_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6FED5A58-CE05-4048-AD76-985B28F1E059", versionEndExcluding: "230529", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:tp-link:archer_ax50:1.0:*:*:*:*:*:*:*", matchCriteriaId: "CAFA093D-FBF5-4B8D-87FD-DA09B0EEF9C8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:tp-link:archer_a10_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "DC497214-6875-43D7-A8FB-9E6B2D307DE9", versionEndIncluding: "230504", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:tp-link:archer_a10:-:*:*:*:*:*:*:*", matchCriteriaId: "617EFAC4-CAB1-41FB-BC30-29ED4A84D74A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:tp-link:archer_ax10_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "3DC73D06-13CF-47C5-81C4-37C8348CED43", versionEndExcluding: "230508", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:tp-link:archer_ax10:-:*:*:*:*:*:*:*", matchCriteriaId: "307B80ED-EEBB-4378-ADA3-B9E821AA3B36", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:tp-link:archer_ax11000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A5D83433-6BAB-42DB-A0DB-F4C95F7E7BDE", versionEndExcluding: "230523", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:tp-link:archer_ax11000:-:*:*:*:*:*:*:*", matchCriteriaId: "75171CD1-0D58-472F-AA60-A990FCA157DA", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple TP-LINK products allow a network-adjacent authenticated attacker to execute arbitrary OS commands. Affected products/versions are as follows: Archer AX50 firmware versions prior to 'Archer AX50(JP)_V1_230529', Archer A10 firmware versions prior to 'Archer A10(JP)_V2_230504', Archer AX10 firmware versions prior to 'Archer AX10(JP)_V1.2_230508', and Archer AX11000 firmware versions prior to 'Archer AX11000(JP)_V1_230523'.", }, { lang: "es", value: "Múltiples productos TP-LINK permiten que un atacante autenticado adyacente a la red ejecute comandos arbitrarios del sistema operativo. Los productos/versiones afectados son los siguientes: Versiones de firmware de Archer AX50 anteriores a 'Archer AX50(JP)_V1_230529', Versiones de firmware de Archer A10 anteriores a 'Archer A10(JP)_V2_230504', Versiones de firmware de Archer AX10 anteriores a 'Archer AX10(JP) _V1.2_230508' y versiones de firmware de Archer AX11000 anteriores a 'Archer AX11000(JP)_V1_230523'.\n", }, ], id: "CVE-2023-40357", lastModified: "2024-11-21T08:19:17.597", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.1, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.1, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2023-09-06T10:15:14.820", references: [ { source: "vultures@jpcert.or.jp", tags: [ "Third Party Advisory", ], url: "https://jvn.jp/en/vu/JVNVU99392903/", }, { source: "vultures@jpcert.or.jp", tags: [ "Product", ], url: "https://www.tp-link.com/jp/support/download/archer-a10/#Firmware", }, { source: "vultures@jpcert.or.jp", tags: [ "Product", ], url: "https://www.tp-link.com/jp/support/download/archer-ax10/#Firmware", }, { source: "vultures@jpcert.or.jp", tags: [ "Product", ], url: "https://www.tp-link.com/jp/support/download/archer-ax11000/#Firmware", }, { source: "vultures@jpcert.or.jp", tags: [ "Product", ], url: "https://www.tp-link.com/jp/support/download/archer-ax50/#Firmware", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://jvn.jp/en/vu/JVNVU99392903/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Product", ], url: "https://www.tp-link.com/jp/support/download/archer-a10/#Firmware", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Product", ], url: "https://www.tp-link.com/jp/support/download/archer-ax10/#Firmware", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Product", ], url: "https://www.tp-link.com/jp/support/download/archer-ax11000/#Firmware", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Product", ], url: "https://www.tp-link.com/jp/support/download/archer-ax50/#Firmware", }, ], sourceIdentifier: "vultures@jpcert.or.jp", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-78", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-78", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2022-06-09 04:15
Modified
2024-11-21 07:02
Severity ?
Summary
In TP-Link Router AX50 firmware 210730 and older, import of a malicious backup file via web interface can lead to remote code execution due to improper validation.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://packetstormsecurity.com/files/167522/TP-Link-AX50-Remote-Code-Execution.html | Exploit, Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://tp-link.com | Product, Vendor Advisory | |
| cve@mitre.org | https://github.com/aaronsvk | Third Party Advisory | |
| cve@mitre.org | https://github.com/aaronsvk/CVE-2022-30075 | Exploit, Third Party Advisory | |
| cve@mitre.org | https://www.exploit-db.com/exploits/50962 | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/167522/TP-Link-AX50-Remote-Code-Execution.html | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://tp-link.com | Product, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/aaronsvk | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/aaronsvk/CVE-2022-30075 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/50962 | Exploit, Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tp-link | archer_ax50_firmware | * | |
| tp-link | archer_ax50 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:tp-link:archer_ax50_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "538151A7-527D-470C-8119-F14A1E02A0BD", versionEndIncluding: "210730", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:tp-link:archer_ax50:-:*:*:*:*:*:*:*", matchCriteriaId: "68C39CEB-FAC7-4EF7-A7DF-59EFB27F0B40", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In TP-Link Router AX50 firmware 210730 and older, import of a malicious backup file via web interface can lead to remote code execution due to improper validation.", }, { lang: "es", value: "En el firmware 210730 del router AX50 de TP-Link y anteriores, la importación de un archivo de copia de seguridad malicioso por medio de la interfaz web puede conllevar a una ejecución de código remota debido a una comprobación inapropiada", }, ], id: "CVE-2022-30075", lastModified: "2024-11-21T07:02:10.013", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-06-09T04:15:11.180", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/167522/TP-Link-AX50-Remote-Code-Execution.html", }, { source: "cve@mitre.org", tags: [ "Product", "Vendor Advisory", ], url: "http://tp-link.com", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://github.com/aaronsvk", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/aaronsvk/CVE-2022-30075", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "https://www.exploit-db.com/exploits/50962", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/167522/TP-Link-AX50-Remote-Code-Execution.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Product", "Vendor Advisory", ], url: "http://tp-link.com", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://github.com/aaronsvk", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/aaronsvk/CVE-2022-30075", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "https://www.exploit-db.com/exploits/50962", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
cve-2023-40357
Vulnerability from cvelistv5
Published
2023-09-06 09:21
Modified
2024-09-27 20:07
Severity ?
EPSS score ?
Summary
Multiple TP-LINK products allow a network-adjacent authenticated attacker to execute arbitrary OS commands. Affected products/versions are as follows: Archer AX50 firmware versions prior to 'Archer AX50(JP)_V1_230529', Archer A10 firmware versions prior to 'Archer A10(JP)_V2_230504', Archer AX10 firmware versions prior to 'Archer AX10(JP)_V1.2_230508', and Archer AX11000 firmware versions prior to 'Archer AX11000(JP)_V1_230523'.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | TP-LINK | Archer AX50 |
Version: firmware versions prior to 'Archer AX50(JP)_V1_230529' |
||||||||||||||||
|
|||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T18:31:53.663Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://www.tp-link.com/jp/support/download/archer-ax50/#Firmware", }, { tags: [ "x_transferred", ], url: "https://www.tp-link.com/jp/support/download/archer-a10/#Firmware", }, { tags: [ "x_transferred", ], url: "https://www.tp-link.com/jp/support/download/archer-ax10/#Firmware", }, { tags: [ "x_transferred", ], url: "https://www.tp-link.com/jp/support/download/archer-ax11000/#Firmware", }, { tags: [ "x_transferred", ], url: "https://jvn.jp/en/vu/JVNVU99392903/", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:o:tp-link:archer_ax50_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "archer_ax50_firmware", vendor: "tp-link", versions: [ { lessThan: "230529", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:tp-link:archer_a10_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "archer_a10_firmware", vendor: "tp-link", versions: [ { lessThanOrEqual: "230504", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:tp-link:archer_ax10_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "archer_ax10_firmware", vendor: "tp-link", versions: [ { lessThan: "230508", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:tp-link:archer_ax11000_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "archer_ax11000_firmware", vendor: "tp-link", versions: [ { lessThan: "230523", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2023-40357", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-09-27T19:52:05.438820Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-78", description: "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-27T20:07:01.652Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Archer AX50", vendor: "TP-LINK", versions: [ { status: "affected", version: "firmware versions prior to 'Archer AX50(JP)_V1_230529'", }, ], }, { product: "Archer A10", vendor: "TP-LINK", versions: [ { status: "affected", version: " firmware versions prior to 'Archer A10(JP)_V2_230504'", }, ], }, { product: "Archer AX10", vendor: "TP-LINK", versions: [ { status: "affected", version: "firmware versions prior to 'Archer AX10(JP)_V1.2_230508'", }, ], }, { product: "Archer AX11000", vendor: "TP-LINK", versions: [ { status: "affected", version: "firmware versions prior to 'Archer AX11000(JP)_V1_230523'", }, ], }, ], descriptions: [ { lang: "en", value: "Multiple TP-LINK products allow a network-adjacent authenticated attacker to execute arbitrary OS commands. Affected products/versions are as follows: Archer AX50 firmware versions prior to 'Archer AX50(JP)_V1_230529', Archer A10 firmware versions prior to 'Archer A10(JP)_V2_230504', Archer AX10 firmware versions prior to 'Archer AX10(JP)_V1.2_230508', and Archer AX11000 firmware versions prior to 'Archer AX11000(JP)_V1_230523'.", }, ], problemTypes: [ { descriptions: [ { description: "OS command injection", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-09-06T09:21:35.820Z", orgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", shortName: "jpcert", }, references: [ { url: "https://www.tp-link.com/jp/support/download/archer-ax50/#Firmware", }, { url: "https://www.tp-link.com/jp/support/download/archer-a10/#Firmware", }, { url: "https://www.tp-link.com/jp/support/download/archer-ax10/#Firmware", }, { url: "https://www.tp-link.com/jp/support/download/archer-ax11000/#Firmware", }, { url: "https://jvn.jp/en/vu/JVNVU99392903/", }, ], }, }, cveMetadata: { assignerOrgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", assignerShortName: "jpcert", cveId: "CVE-2023-40357", datePublished: "2023-09-06T09:21:35.820Z", dateReserved: "2023-08-15T07:33:34.791Z", dateUpdated: "2024-09-27T20:07:01.652Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-2188
Vulnerability from cvelistv5
Published
2024-03-05 12:15
Modified
2024-08-02 19:36
Severity ?
EPSS score ?
Summary
Cross-Site Scripting (XSS) vulnerability stored in TP-Link Archer AX50 affecting firmware version 1.0.11 build 2022052. This vulnerability could allow an unauthenticated attacker to create a port mapping rule via a SOAP request and store a malicious JavaScript payload within that rule, which could result in an execution of the JavaScript payload when the rule is loaded.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| TP-Link | Archer AX50 |
Version: 1.0.11 build 2022052 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-01T19:03:39.107Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://www.incibe.es/en/incibe-cert/notices/aviso/cross-site-scripting-vulnerability-tp-link-archer-ax50", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2024-2188", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-08-02T19:36:34.969866Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-08-02T19:36:42.551Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Archer AX50", vendor: "TP-Link", versions: [ { status: "affected", version: "1.0.11 build 2022052", }, ], }, ], credits: [ { lang: "en", type: "finder", user: "00000000-0000-4000-9000-000000000000", value: "Victor Fresco Perales (@hacefresko)", }, ], datePublic: "2024-01-05T11:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Cross-Site Scripting (XSS) vulnerability stored in TP-Link Archer AX50 affecting firmware version 1.0.11 build 2022052. This vulnerability could allow an unauthenticated attacker to create a port mapping rule via a SOAP request and store a malicious JavaScript payload within that rule, which could result in an execution of the JavaScript payload when the rule is loaded.", }, ], value: "Cross-Site Scripting (XSS) vulnerability stored in TP-Link Archer AX50 affecting firmware version 1.0.11 build 2022052. This vulnerability could allow an unauthenticated attacker to create a port mapping rule via a SOAP request and store a malicious JavaScript payload within that rule, which could result in an execution of the JavaScript payload when the rule is loaded.", }, ], impacts: [ { capecId: "CAPEC-592", descriptions: [ { lang: "en", value: "CAPEC-592 Stored XSS", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-03-05T12:15:25.297Z", orgId: "0cbda920-cd7f-484a-8e76-bf7f4b7f4516", shortName: "INCIBE", }, references: [ { url: "https://www.incibe.es/en/incibe-cert/notices/aviso/cross-site-scripting-vulnerability-tp-link-archer-ax50", }, ], solutions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Update the firmware to Archer AX50(EU)_V1_1.0.14 build 20240108.", }, ], value: "Update the firmware to Archer AX50(EU)_V1_1.0.14 build 20240108.", }, ], source: { discovery: "EXTERNAL", }, title: "Cross-Site Scripting vulnerability in TP-Link Archer AX50", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "0cbda920-cd7f-484a-8e76-bf7f4b7f4516", assignerShortName: "INCIBE", cveId: "CVE-2024-2188", datePublished: "2024-03-05T12:15:25.297Z", dateReserved: "2024-03-05T09:35:08.297Z", dateUpdated: "2024-08-02T19:36:42.551Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-30075
Vulnerability from cvelistv5
Published
2022-06-09 00:59
Modified
2024-08-03 06:40
Severity ?
EPSS score ?
Summary
In TP-Link Router AX50 firmware 210730 and older, import of a malicious backup file via web interface can lead to remote code execution due to improper validation.
References
| ▼ | URL | Tags |
|---|---|---|
| http://tp-link.com | x_refsource_MISC | |
| https://github.com/aaronsvk | x_refsource_MISC | |
| https://github.com/aaronsvk/CVE-2022-30075 | x_refsource_MISC | |
| https://www.exploit-db.com/exploits/50962 | x_refsource_MISC | |
| http://packetstormsecurity.com/files/167522/TP-Link-AX50-Remote-Code-Execution.html | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T06:40:47.450Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://tp-link.com", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/aaronsvk", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/aaronsvk/CVE-2022-30075", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.exploit-db.com/exploits/50962", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/167522/TP-Link-AX50-Remote-Code-Execution.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "In TP-Link Router AX50 firmware 210730 and older, import of a malicious backup file via web interface can lead to remote code execution due to improper validation.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-06-20T18:06:12", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "http://tp-link.com", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/aaronsvk", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/aaronsvk/CVE-2022-30075", }, { tags: [ "x_refsource_MISC", ], url: "https://www.exploit-db.com/exploits/50962", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/167522/TP-Link-AX50-Remote-Code-Execution.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2022-30075", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In TP-Link Router AX50 firmware 210730 and older, import of a malicious backup file via web interface can lead to remote code execution due to improper validation.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://tp-link.com", refsource: "MISC", url: "http://tp-link.com", }, { name: "https://github.com/aaronsvk", refsource: "MISC", url: "https://github.com/aaronsvk", }, { name: "https://github.com/aaronsvk/CVE-2022-30075", refsource: "MISC", url: "https://github.com/aaronsvk/CVE-2022-30075", }, { name: "https://www.exploit-db.com/exploits/50962", refsource: "MISC", url: "https://www.exploit-db.com/exploits/50962", }, { name: "http://packetstormsecurity.com/files/167522/TP-Link-AX50-Remote-Code-Execution.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/167522/TP-Link-AX50-Remote-Code-Execution.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2022-30075", datePublished: "2022-06-09T00:59:47", dateReserved: "2022-05-02T00:00:00", dateUpdated: "2024-08-03T06:40:47.450Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }