Vulnerabilites related to tp-link - archer_c7_firmware
CVE-2025-9377 (GCVE-0-2025-9377)
Vulnerability from cvelistv5
Published
2025-08-29 17:30
Modified
2025-09-03 22:20
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Summary
The authenticated remote command execution (RCE) vulnerability exists in the Parental Control page on TP-Link Archer C7(EU) V2 and TL-WR841N/ND(MS) V9.
This issue affects Archer C7(EU) V2: before 241108 and TL-WR841N/ND(MS) V9: before 241108.
Both products have reached the status of EOL (end-of-life).
It's recommending to
purchase the new
product to ensure better performance and security. If replacement is not
an option in the short term, please use the second reference link to
download and install the patch(es).
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.tp-link.com/us/support/faq/4365/ | vendor-advisory | |
| https://www.tp-link.com/us/support/faq/4308/ | patch, vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | TP-Link Systems Inc. | Archer C7(EU) V2 |
Version: 0 |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-9377",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-29T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2025-09-03",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-9377"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-03T22:20:24.092Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"timeline": [
{
"lang": "en",
"time": "2025-09-03T00:00:00+00:00",
"value": "CVE-2025-9377 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Archer C7(EU) V2",
"vendor": "TP-Link Systems Inc.",
"versions": [
{
"lessThan": "241108",
"status": "affected",
"version": "0",
"versionType": "date"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TL-WR841N/ND(MS) V9",
"vendor": "TP-Link Systems Inc.",
"versions": [
{
"lessThan": "241108",
"status": "affected",
"version": "0",
"versionType": "date"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003eThe authenticated remote command execution (RCE) vulnerability exists in the Parental Control page\u0026nbsp;on\u0026nbsp;TP-Link Archer C7(EU) V2 and TL-WR841N/ND(MS) V9.\u003c/div\u003e\u003cp\u003eThis issue affects Archer C7(EU) V2: before 241108 and\u0026nbsp;TL-WR841N/ND(MS) V9: before 241108.\u003c/p\u003e\u003cp\u003eBoth products have reached the status of EOL \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e(end-of-life).\u003c/span\u003e\nIt\u0027s recommending to \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003epurchase the new \nproduct to ensure better performance and security. If replacement is not\n an option in the short term, please use the second reference link to \ndownload and install the patch(es).\n\n\u003c/span\u003e\n\n\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "The authenticated remote command execution (RCE) vulnerability exists in the Parental Control page\u00a0on\u00a0TP-Link Archer C7(EU) V2 and TL-WR841N/ND(MS) V9.\n\nThis issue affects Archer C7(EU) V2: before 241108 and\u00a0TL-WR841N/ND(MS) V9: before 241108.\n\nBoth products have reached the status of EOL (end-of-life).\nIt\u0027s recommending to \n\npurchase the new \nproduct to ensure better performance and security. If replacement is not\n an option in the short term, please use the second reference link to \ndownload and install the patch(es)."
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88 OS Command Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-29T17:30:33.700Z",
"orgId": "f23511db-6c3e-4e32-a477-6aa17d310630",
"shortName": "TPLink"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.tp-link.com/us/support/faq/4365/"
},
{
"tags": [
"patch",
"vendor-advisory"
],
"url": "https://www.tp-link.com/us/support/faq/4308/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"tags": [
"unsupported-when-assigned"
],
"title": "Authenticated RCE via Parental Control command injection",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f23511db-6c3e-4e32-a477-6aa17d310630",
"assignerShortName": "TPLink",
"cveId": "CVE-2025-9377",
"datePublished": "2025-08-29T17:30:33.700Z",
"dateReserved": "2025-08-23T00:15:09.238Z",
"dateUpdated": "2025-09-03T22:20:24.092Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-2646 (GCVE-0-2023-2646)
Vulnerability from cvelistv5
Published
2023-05-11 07:31
Modified
2025-01-24 16:52
Severity ?
4.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
4.5 (Medium) - CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
4.5 (Medium) - CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
VLAI Severity ?
EPSS score ?
CWE
- CWE-404 - Denial of Service
Summary
A vulnerability has been found in TP-Link Archer C7v2 v2_en_us_180114 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component GET Request Parameter Handler. The manipulation leads to denial of service. The attack can only be done within the local network. The associated identifier of this vulnerability is VDB-228775. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.228775 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.228775 | signature |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| TP-Link | Archer C7v2 |
Version: v2_en_us_180114 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:26:09.832Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.228775"
},
{
"tags": [
"signature",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.228775"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-2646",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-24T16:51:06.415239Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-404",
"description": "CWE-404 Improper Resource Shutdown or Release",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-24T16:52:19.575Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"GET Request Parameter Handler"
],
"product": "Archer C7v2",
"vendor": "TP-Link",
"versions": [
{
"status": "affected",
"version": "v2_en_us_180114"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "analyst",
"value": "a2ure (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in TP-Link Archer C7v2 v2_en_us_180114 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component GET Request Parameter Handler. The manipulation leads to denial of service. The attack can only be done within the local network. The associated identifier of this vulnerability is VDB-228775. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "In TP-Link Archer C7v2 v2_en_us_180114 wurde eine Schwachstelle gefunden. Sie wurde als problematisch eingestuft. Es geht um eine nicht n\u00e4her bekannte Funktion der Komponente GET Request Parameter Handler. Durch Manipulieren mit unbekannten Daten kann eine denial of service-Schwachstelle ausgenutzt werden. Der Angriff kann im lokalen Netzwerk erfolgen."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5,
"vectorString": "AV:A/AC:L/Au:M/C:N/I:N/A:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-404",
"description": "CWE-404 Denial of Service",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-23T05:43:04.879Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.228775"
},
{
"tags": [
"signature"
],
"url": "https://vuldb.com/?ctiid.228775"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-05-11T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2023-05-11T00:00:00.000Z",
"value": "CVE reserved"
},
{
"lang": "en",
"time": "2023-05-11T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2023-06-07T14:11:39.000Z",
"value": "VulDB entry last update"
}
],
"title": "TP-Link Archer C7v2 GET Request Parameter denial of service"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2023-2646",
"datePublished": "2023-05-11T07:31:04.076Z",
"dateReserved": "2023-05-11T05:29:05.402Z",
"dateUpdated": "2025-01-24T16:52:19.575Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-35575 (GCVE-0-2020-35575)
Vulnerability from cvelistv5
Published
2020-12-26 02:02
Modified
2024-08-04 17:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
A password-disclosure issue in the web interface on certain TP-Link devices allows a remote attacker to get full administrative access to the web panel. This affects WA901ND devices before 3.16.9(201211) beta, and Archer C5, Archer C7, MR3420, MR6400, WA701ND, WA801ND, WDR3500, WDR3600, WE843N, WR1043ND, WR1045ND, WR740N, WR741ND, WR749N, WR802N, WR840N, WR841HP, WR841N, WR842N, WR842ND, WR845N, WR940N, WR941HP, WR945N, WR949N, and WRD4300 devices.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.tp-link.com/us/security | x_refsource_MISC | |
| https://static.tp-link.com/2020/202012/20201214/wa901ndv5_eu_3_16_9_up_boot%28201211%29.zip | x_refsource_MISC | |
| https://pastebin.com/F8AuUdck | x_refsource_MISC | |
| http://packetstormsecurity.com/files/163274/TP-Link-TL-WR841N-Command-Injection.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:09:13.414Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tp-link.com/us/security"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://static.tp-link.com/2020/202012/20201214/wa901ndv5_eu_3_16_9_up_boot%28201211%29.zip"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://pastebin.com/F8AuUdck"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/163274/TP-Link-TL-WR841N-Command-Injection.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A password-disclosure issue in the web interface on certain TP-Link devices allows a remote attacker to get full administrative access to the web panel. This affects WA901ND devices before 3.16.9(201211) beta, and Archer C5, Archer C7, MR3420, MR6400, WA701ND, WA801ND, WDR3500, WDR3600, WE843N, WR1043ND, WR1045ND, WR740N, WR741ND, WR749N, WR802N, WR840N, WR841HP, WR841N, WR842N, WR842ND, WR845N, WR940N, WR941HP, WR945N, WR949N, and WRD4300 devices."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-24T19:06:16",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tp-link.com/us/security"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://static.tp-link.com/2020/202012/20201214/wa901ndv5_eu_3_16_9_up_boot%28201211%29.zip"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://pastebin.com/F8AuUdck"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/163274/TP-Link-TL-WR841N-Command-Injection.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-35575",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A password-disclosure issue in the web interface on certain TP-Link devices allows a remote attacker to get full administrative access to the web panel. This affects WA901ND devices before 3.16.9(201211) beta, and Archer C5, Archer C7, MR3420, MR6400, WA701ND, WA801ND, WDR3500, WDR3600, WE843N, WR1043ND, WR1045ND, WR740N, WR741ND, WR749N, WR802N, WR840N, WR841HP, WR841N, WR842N, WR842ND, WR845N, WR940N, WR941HP, WR945N, WR949N, and WRD4300 devices."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tp-link.com/us/security",
"refsource": "MISC",
"url": "https://www.tp-link.com/us/security"
},
{
"name": "https://static.tp-link.com/2020/202012/20201214/wa901ndv5_eu_3_16_9_up_boot(201211).zip",
"refsource": "MISC",
"url": "https://static.tp-link.com/2020/202012/20201214/wa901ndv5_eu_3_16_9_up_boot(201211).zip"
},
{
"name": "https://pastebin.com/F8AuUdck",
"refsource": "MISC",
"url": "https://pastebin.com/F8AuUdck"
},
{
"name": "http://packetstormsecurity.com/files/163274/TP-Link-TL-WR841N-Command-Injection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/163274/TP-Link-TL-WR841N-Command-Injection.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-35575",
"datePublished": "2020-12-26T02:02:45",
"dateReserved": "2020-12-20T00:00:00",
"dateUpdated": "2024-08-04T17:09:13.414Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-39224 (GCVE-0-2023-39224)
Vulnerability from cvelistv5
Published
2023-09-06 09:22
Modified
2024-09-26 20:13
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- OS command injection
Summary
Archer C5 firmware all versions and Archer C7 firmware versions prior to 'Archer C7(JP)_V2_230602' allow a network-adjacent authenticated attacker to execute arbitrary OS commands. Note that Archer C5 is no longer supported, therefore the update for this product is not provided.
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:02:06.563Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.tp-link.com/jp/support/download/archer-c7/v2/#Firmware"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU99392903/"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:tp-link:archer_c5:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "archer_c5",
"vendor": "tp-link",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:tp-link:archer_c7_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "archer_c7_firmware",
"vendor": "tp-link",
"versions": [
{
"status": "affected",
"version": "v2_230602"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-39224",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-26T20:11:36.456112Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-26T20:13:06.770Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Archer C5",
"vendor": "TP-LINK",
"versions": [
{
"status": "affected",
"version": "firmware all versions"
}
]
},
{
"product": "Archer C7",
"vendor": "TP-LINK",
"versions": [
{
"status": "affected",
"version": "firmware versions prior to \u0027Archer C7(JP)_V2_230602\u0027"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Archer C5 firmware all versions and Archer C7 firmware versions prior to \u0027Archer C7(JP)_V2_230602\u0027 allow a network-adjacent authenticated attacker to execute arbitrary OS commands. Note that Archer C5 is no longer supported, therefore the update for this product is not provided."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "OS command injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-06T09:22:59.282Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.tp-link.com/jp/support/download/archer-c7/v2/#Firmware"
},
{
"url": "https://jvn.jp/en/vu/JVNVU99392903/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-39224",
"datePublished": "2023-09-06T09:22:59.282Z",
"dateReserved": "2023-08-15T07:33:33.886Z",
"dateUpdated": "2024-09-26T20:13:06.770Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2020-12-26 02:15
Modified
2024-11-21 05:27
Severity ?
Summary
A password-disclosure issue in the web interface on certain TP-Link devices allows a remote attacker to get full administrative access to the web panel. This affects WA901ND devices before 3.16.9(201211) beta, and Archer C5, Archer C7, MR3420, MR6400, WA701ND, WA801ND, WDR3500, WDR3600, WE843N, WR1043ND, WR1045ND, WR740N, WR741ND, WR749N, WR802N, WR840N, WR841HP, WR841N, WR842N, WR842ND, WR845N, WR940N, WR941HP, WR945N, WR949N, and WRD4300 devices.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:wa901nd_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "78454764-D995-4121-B5D4-7EB8D2D25C56",
"versionEndExcluding": "3.16.9\\(201211\\)_beta",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:wa901nd:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3D360D3B-C006-4678-9D2A-2F8B133D8A51",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:archer_c5_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C29C27F0-386F-46C7-A2FA-2ADE81887ABA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:archer_c5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C25DA417-60F3-4E78-A770-709E4FF04504",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:archer_c7_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C56C283F-CEB9-4DB9-B7F7-3F3C01E8BDDB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:archer_c7:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DEDC2B7F-FB5F-4EFF-B928-98CA250CB7A6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:mr3420_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8F596DB1-A414-4528-A075-AEB9B4C9A836",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:mr3420:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7DE2F6C3-F312-489B-9688-3425D5F70B7B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:mr6400_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "108C6248-A5AA-4C55-8DD3-6355C1423DA2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:mr6400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F28ABF89-111A-49E0-9FCF-88C73A49D4B5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:wa701nd_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6898D0DA-977C-4274-AFE7-15949075EBF0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:wa701nd:-:*:*:*:*:*:*:*",
"matchCriteriaId": "927C2347-E983-4B56-8CEE-C38E983F5527",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:wa801nd_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CD656094-A2F9-4E51-9011-2D36EB668BBC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:wa801nd:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D6B1E54A-036A-4B0B-AB37-B68651234D9F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:wdr3500_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E4A6B2A9-E063-459B-AE3B-4F54591DA0FF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:wdr3500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DBBD8E7C-A05F-4F61-B91C-2228B1B7C989",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:wdr3600_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EA0B6B6A-89C6-4AB5-AD7E-5B22A5A767A9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:wdr3600:-:*:*:*:*:*:*:*",
"matchCriteriaId": "28E797DA-B428-439E-A31C-B4E6B3BB2180",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:we843n_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BFE110E1-D900-4A89-80F7-3B70227BCF74",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:we843n:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2C3338F5-B1BF-4B18-A725-544F4D90BD8F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:wr1043nd_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "94301AEF-B801-4BE4-AD8F-ED732680461C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:wr1043nd:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C8079B0F-1061-4DA1-B43D-1CDDB60D6DC5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:wr1045nd_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5372D0C1-B2A8-4A83-BB88-3C3D97C4C5BB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:wr1045nd:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E2F5D576-CC51-4D18-B9FC-75496CFB85EC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:wr740n_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4CE51163-C290-4C5D-A187-5AC3933CCD93",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:wr740n:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FF514269-E922-4F2B-9A14-B99AA66C5BDE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:wr741nd_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0DCD1B98-1A1F-45CF-AD3A-78F45E8D14F9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:wr741nd:-:*:*:*:*:*:*:*",
"matchCriteriaId": "87251418-A84D-4BA2-A016-349E980BD04E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:wr749n_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3850BA2F-EE3C-4C44-A26F-353E46E40077",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:wr749n:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E290F2A8-C798-49F7-A560-CCEC8BCF3861",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:wr802n_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "91EF60F7-D1B5-4A21-97C1-91E902CD02D1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:wr802n:-:*:*:*:*:*:*:*",
"matchCriteriaId": "02D02C2D-AEF5-4B53-AA4F-43884D604F7A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:wr840n_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3E3355F6-8EAF-43DD-A946-7492C63E2805",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:wr840n:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1D05124E-DAD8-4F65-804C-4BBD0AA2637F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:wr841hp_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6B88EDFD-0DFF-43C6-99BE-73EB321016EC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:wr841hp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B0C9B9EA-D52D-47E5-841F-279CA21C5992",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:wr841n_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3885AABC-674C-4C11-8749-20949AD3A9D0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:wr841n:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FFE54BD8-2B60-41D1-B9A7-7DF60E855120",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:wr842n_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0C871979-0156-4BEB-AFB2-976D8213D6A9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:wr842n:-:*:*:*:*:*:*:*",
"matchCriteriaId": "89313A6F-A222-490E-9A31-2E4E71B4F789",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:wr842nd_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0B1D5E20-2D4D-4CBC-A97A-F6AB52575049",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:wr842nd:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EDE2A50B-197D-4FBE-980E-775D5947FF5C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:wr845n_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DE2B244B-B379-4FAE-B9A2-2A0B7E6F068E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:wr845n:-:*:*:*:*:*:*:*",
"matchCriteriaId": "57E0FBB1-8836-4F77-BB29-E332073F90FE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:wr940n_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B954DE5B-3D99-43B6-8BC2-67E37581E911",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:wr940n:-:*:*:*:*:*:*:*",
"matchCriteriaId": "839BE14B-F80C-4788-94ED-E6D7FC3BE290",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:wr941hp_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C584EB85-EC07-44BE-A7F3-EF164955670A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:wr941hp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EBC75F36-DD1D-4152-9583-105C1BDC6A2D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:wr945n_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2423E4EB-547B-47C2-9238-47428375BD97",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:wr945n:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BC3F2019-E1AB-4EEA-951F-1C9EEFE52506",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:wr949n_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E3A83783-C56D-49F9-8D81-69D2C5AB3633",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:wr949n:-:*:*:*:*:*:*:*",
"matchCriteriaId": "71BA5B32-2AA9-4462-BFF5-AF4958CDDCE9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:wrd4300_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "03F3ABE3-5679-4898-8C72-C084FC4D9DD9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:wrd4300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "42E905BF-2020-44B3-A742-8E50A0DE1373",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A password-disclosure issue in the web interface on certain TP-Link devices allows a remote attacker to get full administrative access to the web panel. This affects WA901ND devices before 3.16.9(201211) beta, and Archer C5, Archer C7, MR3420, MR6400, WA701ND, WA801ND, WDR3500, WDR3600, WE843N, WR1043ND, WR1045ND, WR740N, WR741ND, WR749N, WR802N, WR840N, WR841HP, WR841N, WR842N, WR842ND, WR845N, WR940N, WR941HP, WR945N, WR949N, and WRD4300 devices."
},
{
"lang": "es",
"value": "Un problema de divulgaci\u00f3n de contrase\u00f1a en la interfaz web de determinados dispositivos TP-Link permite a un atacante remoto obtener acceso administrativo completo al panel web.\u0026#xa0;Esto afecta a los dispositivos WA901ND versiones anteriores a 3.16.9(201211) beta, y los dispositivos Archer C5, Archer C7, MR3420, MR6400, WA701ND, WA801ND, WDR3500, WDR3600, WE843N, WR1043ND, WR1045ND, WR740N, WR741ND, WR840249N, WR840249N, Dispositivos WR841N, WR842N, WR842ND, WR845N, WR940N, WR941HP, WR945N, WR949N y WRD4300"
}
],
"id": "CVE-2020-35575",
"lastModified": "2024-11-21T05:27:36.917",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-12-26T02:15:12.870",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/163274/TP-Link-TL-WR841N-Command-Injection.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://pastebin.com/F8AuUdck"
},
{
"source": "cve@mitre.org",
"url": "https://static.tp-link.com/2020/202012/20201214/wa901ndv5_eu_3_16_9_up_boot%28201211%29.zip"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.tp-link.com/us/security"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/163274/TP-Link-TL-WR841N-Command-Injection.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://pastebin.com/F8AuUdck"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://static.tp-link.com/2020/202012/20201214/wa901ndv5_eu_3_16_9_up_boot%28201211%29.zip"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.tp-link.com/us/security"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-05-11 08:15
Modified
2025-01-24 17:15
Severity ?
4.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
A vulnerability has been found in TP-Link Archer C7v2 v2_en_us_180114 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component GET Request Parameter Handler. The manipulation leads to denial of service. The attack can only be done within the local network. The associated identifier of this vulnerability is VDB-228775. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://vuldb.com/?ctiid.228775 | Third Party Advisory | |
| cna@vuldb.com | https://vuldb.com/?id.228775 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?ctiid.228775 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?id.228775 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tp-link | archer_c7_firmware | 180114 | |
| tp-link | archer_c7 | 2.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:archer_c7_firmware:180114:*:*:*:*:*:*:*",
"matchCriteriaId": "BB4C53D3-80A5-41FD-8383-D0065B422D68",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:archer_c7:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "27AE1E18-D939-4DB3-984A-85CB4962861C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in TP-Link Archer C7v2 v2_en_us_180114 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component GET Request Parameter Handler. The manipulation leads to denial of service. The attack can only be done within the local network. The associated identifier of this vulnerability is VDB-228775. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"id": "CVE-2023-2646",
"lastModified": "2025-01-24T17:15:12.910",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "MULTIPLE",
"availabilityImpact": "COMPLETE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:A/AC:L/Au:M/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 4.1,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "cna@vuldb.com",
"type": "Secondary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 3.6,
"source": "cna@vuldb.com",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2023-05-11T08:15:08.620",
"references": [
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
],
"url": "https://vuldb.com/?ctiid.228775"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
],
"url": "https://vuldb.com/?id.228775"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://vuldb.com/?ctiid.228775"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://vuldb.com/?id.228775"
}
],
"sourceIdentifier": "cna@vuldb.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-404"
}
],
"source": "cna@vuldb.com",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-404"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-09-06 10:15
Modified
2024-11-21 08:14
Severity ?
Summary
Archer C5 firmware all versions and Archer C7 firmware versions prior to 'Archer C7(JP)_V2_230602' allow a network-adjacent authenticated attacker to execute arbitrary OS commands. Note that Archer C5 is no longer supported, therefore the update for this product is not provided.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tp-link | archer_c7_firmware | * | |
| tp-link | archer_c7 | 2.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:archer_c7_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8F37BD5C-4B5B-4DB2-81DB-249D53A3CD43",
"versionEndExcluding": "230602",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:archer_c7:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "27AE1E18-D939-4DB3-984A-85CB4962861C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Archer C5 firmware all versions and Archer C7 firmware versions prior to \u0027Archer C7(JP)_V2_230602\u0027 allow a network-adjacent authenticated attacker to execute arbitrary OS commands. Note that Archer C5 is no longer supported, therefore the update for this product is not provided."
},
{
"lang": "es",
"value": "Todas las versiones del firmware Archer C5 y las versiones del firmware Archer C7 anteriores a \u0027Archer C7(JP)_V2_230602\u0027 permiten que un atacante autenticado adyacente a la red ejecute comandos arbitrarios del sistema operativo. Tenga en cuenta que Archer C5 ya no est\u00e1 soportado, por lo tanto, no se proporciona la actualizaci\u00f3n para este producto.\n"
}
],
"id": "CVE-2023-39224",
"lastModified": "2024-11-21T08:14:56.990",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-09-06T10:15:14.587",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/vu/JVNVU99392903/"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Product"
],
"url": "https://www.tp-link.com/jp/support/download/archer-c7/v2/#Firmware"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/vu/JVNVU99392903/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://www.tp-link.com/jp/support/download/archer-c7/v2/#Firmware"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-08-29 18:15
Modified
2025-09-04 13:41
Severity ?
Summary
The authenticated remote command execution (RCE) vulnerability exists in the Parental Control page on TP-Link Archer C7(EU) V2 and TL-WR841N/ND(MS) V9.
This issue affects Archer C7(EU) V2: before 241108 and TL-WR841N/ND(MS) V9: before 241108.
Both products have reached the status of EOL (end-of-life).
It's recommending to
purchase the new
product to ensure better performance and security. If replacement is not
an option in the short term, please use the second reference link to
download and install the patch(es).
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tp-link | tl-wr841n_firmware | * | |
| tp-link | tl-wr841n | v9 | |
| tp-link | tl-wr841nd_firmware | * | |
| tp-link | tl-wr841nd | 9 | |
| tp-link | archer_c7_firmware | * | |
| tp-link | archer_c7 | 2.0 |
{
"cisaActionDue": "2025-09-24",
"cisaExploitAdd": "2025-09-03",
"cisaRequiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
"cisaVulnerabilityName": "TP-Link Archer C7(EU) and TL-WR841N/ND(MS) OS Command Injection Vulnerability",
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-wr841n_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "87D63AD8-35D5-4ECE-A29E-BC305E13CDCB",
"versionEndExcluding": "241108",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-wr841n:v9:*:*:*:*:*:*:*",
"matchCriteriaId": "C244CD5A-A9CD-4E4D-9D7B-C4443EC2435E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-wr841nd_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "742A0B42-6F33-429D-8290-BD2A4AC5B881",
"versionEndExcluding": "241108",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-wr841nd:9:*:*:*:*:*:*:*",
"matchCriteriaId": "0E48E745-0CAB-412C-8B52-1F834D72F0CF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:archer_c7_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3BDCF20E-F92B-4EA3-8198-1B8DDCE6F2AA",
"versionEndExcluding": "241108",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:archer_c7:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "27AE1E18-D939-4DB3-984A-85CB4962861C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [
{
"sourceIdentifier": "f23511db-6c3e-4e32-a477-6aa17d310630",
"tags": [
"unsupported-when-assigned"
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The authenticated remote command execution (RCE) vulnerability exists in the Parental Control page\u00a0on\u00a0TP-Link Archer C7(EU) V2 and TL-WR841N/ND(MS) V9.\n\nThis issue affects Archer C7(EU) V2: before 241108 and\u00a0TL-WR841N/ND(MS) V9: before 241108.\n\nBoth products have reached the status of EOL (end-of-life).\nIt\u0027s recommending to \n\npurchase the new \nproduct to ensure better performance and security. If replacement is not\n an option in the short term, please use the second reference link to \ndownload and install the patch(es)."
}
],
"id": "CVE-2025-9377",
"lastModified": "2025-09-04T13:41:48.497",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "f23511db-6c3e-4e32-a477-6aa17d310630",
"type": "Secondary"
}
]
},
"published": "2025-08-29T18:15:43.220",
"references": [
{
"source": "f23511db-6c3e-4e32-a477-6aa17d310630",
"tags": [
"Product"
],
"url": "https://www.tp-link.com/us/support/faq/4308/"
},
{
"source": "f23511db-6c3e-4e32-a477-6aa17d310630",
"tags": [
"Vendor Advisory"
],
"url": "https://www.tp-link.com/us/support/faq/4365/"
}
],
"sourceIdentifier": "f23511db-6c3e-4e32-a477-6aa17d310630",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "f23511db-6c3e-4e32-a477-6aa17d310630",
"type": "Secondary"
}
]
}