Search

Find a vulnerability

Search criteria

    6 vulnerabilities found for Archer C50 by TP-Link

    CVE-2023-32619 (GCVE-0-2023-32619)

    Vulnerability from nvd – Published: 2023-09-06 09:27 – Updated: 2024-09-26 20:19
    VLAI
    Summary
    Archer C50 firmware versions prior to 'Archer C50(JP)_V3_230505' and Archer C55 firmware versions prior to 'Archer C55(JP)_V1_230506' use hard-coded credentials to login to the affected device, which may allow a network-adjacent unauthenticated attacker to execute an arbitrary OS command.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Use of Hard-coded Credentials
    • CWE-798 - Use of Hard-coded Credentials
    Assigner
    Impacted products
    Vendor Product Version
    TP-LINK Archer C50 Affected: firmware versions prior to 'Archer C50(JP)_V3_230505'
    Create a notification for this product.
    TP-LINK Archer C55 Affected: firmware versions prior to 'Archer C55(JP)_V1_230506'
    Create a notification for this product.
    tp-link archer_c55_firmware Affected: 0 , < 230506 (custom)
        cpe:2.3:o:tp-link:archer_c55_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    tp-link archer_c50_v3_firmware Affected: 0 , < 230505 (custom)
        cpe:2.3:o:tp-link:archer_c50_v3_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T15:25:35.693Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.tp-link.com/jp/support/download/archer-c50/v3/#Firmware"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.tp-link.com/jp/support/download/archer-c55/#Firmware"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/vu/JVNVU99392903/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:tp-link:archer_c55_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "archer_c55_firmware",
                "vendor": "tp-link",
                "versions": [
                  {
                    "lessThan": "230506",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:tp-link:archer_c50_v3_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "archer_c50_v3_firmware",
                "vendor": "tp-link",
                "versions": [
                  {
                    "lessThan": "230505",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "ADJACENT_NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-32619",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-26T20:10:36.573148Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-798",
                    "description": "CWE-798 Use of Hard-coded Credentials",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-26T20:19:58.978Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Archer C50",
              "vendor": "TP-LINK",
              "versions": [
                {
                  "status": "affected",
                  "version": "firmware versions prior to \u0027Archer C50(JP)_V3_230505\u0027"
                }
              ]
            },
            {
              "product": "Archer C55",
              "vendor": "TP-LINK",
              "versions": [
                {
                  "status": "affected",
                  "version": "firmware versions prior to \u0027Archer C55(JP)_V1_230506\u0027"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Archer C50 firmware versions prior to \u0027Archer C50(JP)_V3_230505\u0027 and Archer C55 firmware versions prior to \u0027Archer C55(JP)_V1_230506\u0027 use hard-coded credentials to login to the affected device, which may allow a network-adjacent unauthenticated attacker to execute an arbitrary OS command."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Use of Hard-coded Credentials",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-09-06T09:27:44.114Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.tp-link.com/jp/support/download/archer-c50/v3/#Firmware"
            },
            {
              "url": "https://www.tp-link.com/jp/support/download/archer-c55/#Firmware"
            },
            {
              "url": "https://jvn.jp/en/vu/JVNVU99392903/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2023-32619",
        "datePublished": "2023-09-06T09:27:44.114Z",
        "dateReserved": "2023-08-15T07:33:32.104Z",
        "dateUpdated": "2024-09-26T20:19:58.978Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-31188 (GCVE-0-2023-31188)

    Vulnerability from nvd – Published: 2023-09-06 09:28 – Updated: 2024-09-27 20:50
    VLAI
    Summary
    Multiple TP-LINK products allow a network-adjacent authenticated attacker to execute arbitrary OS commands. Affected products/versions are as follows: Archer C50 firmware versions prior to 'Archer C50(JP)_V3_230505', Archer C55 firmware versions prior to 'Archer C55(JP)_V1_230506', and Archer C20 firmware versions prior to 'Archer C20(JP)_V1_230616'.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • OS command injection
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    Impacted products
    Vendor Product Version
    TP-LINK Archer C50 Affected: firmware versions prior to 'Archer C50(JP)_V3_230505'
    Create a notification for this product.
    TP-LINK Archer C55 Affected: firmware versions prior to 'Archer C55(JP)_V1_230506'
    Create a notification for this product.
    TP-LINK Archer C20 Affected: firmware versions prior to 'Archer C20(JP)_V1_230616'
    Create a notification for this product.
    tp-link archer_c55_firmware Affected: 0 , < 230506 (custom)
        cpe:2.3:o:tp-link:archer_c55_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    tp-link archer_c50_v3_firmware Affected: 0 , < 230505 (custom)
        cpe:2.3:o:tp-link:archer_c50_v3_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    tp-link archer_c20_firmware Affected: 0 , < 230616 (custom)
        cpe:2.3:o:tp-link:archer_c20_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T14:45:26.119Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.tp-link.com/jp/support/download/archer-c50/v3/#Firmware"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.tp-link.com/jp/support/download/archer-c55/#Firmware"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.tp-link.com/jp/support/download/archer-c20/v1/#Firmware"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/vu/JVNVU99392903/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:tp-link:archer_c55_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "archer_c55_firmware",
                "vendor": "tp-link",
                "versions": [
                  {
                    "lessThan": "230506",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:tp-link:archer_c50_v3_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "archer_c50_v3_firmware",
                "vendor": "tp-link",
                "versions": [
                  {
                    "lessThan": "230505",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:tp-link:archer_c20_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "archer_c20_firmware",
                "vendor": "tp-link",
                "versions": [
                  {
                    "lessThan": "230616",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "ADJACENT_NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-31188",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-27T20:18:40.293656Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-78",
                    "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-27T20:50:29.101Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Archer C50",
              "vendor": "TP-LINK",
              "versions": [
                {
                  "status": "affected",
                  "version": "firmware versions prior to \u0027Archer C50(JP)_V3_230505\u0027"
                }
              ]
            },
            {
              "product": "Archer C55",
              "vendor": "TP-LINK",
              "versions": [
                {
                  "status": "affected",
                  "version": "firmware versions prior to \u0027Archer C55(JP)_V1_230506\u0027"
                }
              ]
            },
            {
              "product": "Archer C20",
              "vendor": "TP-LINK",
              "versions": [
                {
                  "status": "affected",
                  "version": "firmware versions prior to \u0027Archer C20(JP)_V1_230616\u0027"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple TP-LINK products allow a network-adjacent authenticated attacker to execute arbitrary OS commands. Affected products/versions are as follows: Archer C50 firmware versions prior to \u0027Archer C50(JP)_V3_230505\u0027, Archer C55 firmware versions prior to \u0027Archer C55(JP)_V1_230506\u0027, and Archer C20 firmware versions prior to \u0027Archer C20(JP)_V1_230616\u0027."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "OS command injection",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-09-06T09:28:18.168Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.tp-link.com/jp/support/download/archer-c50/v3/#Firmware"
            },
            {
              "url": "https://www.tp-link.com/jp/support/download/archer-c55/#Firmware"
            },
            {
              "url": "https://www.tp-link.com/jp/support/download/archer-c20/v1/#Firmware"
            },
            {
              "url": "https://jvn.jp/en/vu/JVNVU99392903/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2023-31188",
        "datePublished": "2023-09-06T09:28:18.168Z",
        "dateReserved": "2023-08-15T07:33:36.680Z",
        "dateUpdated": "2024-09-27T20:50:29.101Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-0936 (GCVE-0-2023-0936)

    Vulnerability from nvd – Published: 2023-02-21 09:24 – Updated: 2025-03-12 15:19
    VLAI
    Title
    TP-Link Archer C50 Web Management Interface denial of service
    Summary
    A vulnerability was found in TP-Link Archer C50 V2_160801. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Web Management Interface. The manipulation leads to denial of service. The attack can only be initiated within the local network. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-221552.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.221552 vdb-entrytechnical-descriptionexploit
    https://vuldb.com/?ctiid.221552 signature
    Impacted products
    Vendor Product Version
    TP-Link Archer C50 Affected: V2_160801
    Create a notification for this product.
    Credits
    a2ure (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T05:32:45.158Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "technical-description",
                  "exploit",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.221552"
              },
              {
                "tags": [
                  "signature",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?ctiid.221552"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-0936",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-12T15:18:43.787462Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-12T15:19:02.447Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "modules": [
                "Web Management Interface"
              ],
              "product": "Archer C50",
              "vendor": "TP-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "V2_160801"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "analyst",
              "value": "a2ure (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in TP-Link Archer C50 V2_160801. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Web Management Interface. The manipulation leads to denial of service. The attack can only be initiated within the local network. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-221552."
            },
            {
              "lang": "de",
              "value": "Eine problematische Schwachstelle wurde in TP-Link Archer C50 V2_160801 ausgemacht. Dies betrifft einen unbekannten Teil der Komponente Web Management Interface. Dank Manipulation mit unbekannten Daten kann eine denial of service-Schwachstelle ausgenutzt werden. Der Angriff kann im lokalen Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.1,
                "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-404",
                  "description": "CWE-404 Denial of Service",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-20T21:33:29.352Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "technical-description",
                "exploit"
              ],
              "url": "https://vuldb.com/?id.221552"
            },
            {
              "tags": [
                "signature"
              ],
              "url": "https://vuldb.com/?ctiid.221552"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2023-02-21T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2023-02-21T00:00:00.000Z",
              "value": "CVE reserved"
            },
            {
              "lang": "en",
              "time": "2023-02-21T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2023-03-27T22:56:50.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "TP-Link Archer C50 Web Management Interface denial of service"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2023-0936",
        "datePublished": "2023-02-21T09:24:29.992Z",
        "dateReserved": "2023-02-21T09:22:35.190Z",
        "dateUpdated": "2025-03-12T15:19:02.447Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-31188 (GCVE-0-2023-31188)

    Vulnerability from cvelistv5 – Published: 2023-09-06 09:28 – Updated: 2024-09-27 20:50
    VLAI
    Summary
    Multiple TP-LINK products allow a network-adjacent authenticated attacker to execute arbitrary OS commands. Affected products/versions are as follows: Archer C50 firmware versions prior to 'Archer C50(JP)_V3_230505', Archer C55 firmware versions prior to 'Archer C55(JP)_V1_230506', and Archer C20 firmware versions prior to 'Archer C20(JP)_V1_230616'.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • OS command injection
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    Impacted products
    Vendor Product Version
    TP-LINK Archer C50 Affected: firmware versions prior to 'Archer C50(JP)_V3_230505'
    Create a notification for this product.
    TP-LINK Archer C55 Affected: firmware versions prior to 'Archer C55(JP)_V1_230506'
    Create a notification for this product.
    TP-LINK Archer C20 Affected: firmware versions prior to 'Archer C20(JP)_V1_230616'
    Create a notification for this product.
    tp-link archer_c55_firmware Affected: 0 , < 230506 (custom)
        cpe:2.3:o:tp-link:archer_c55_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    tp-link archer_c50_v3_firmware Affected: 0 , < 230505 (custom)
        cpe:2.3:o:tp-link:archer_c50_v3_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    tp-link archer_c20_firmware Affected: 0 , < 230616 (custom)
        cpe:2.3:o:tp-link:archer_c20_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T14:45:26.119Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.tp-link.com/jp/support/download/archer-c50/v3/#Firmware"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.tp-link.com/jp/support/download/archer-c55/#Firmware"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.tp-link.com/jp/support/download/archer-c20/v1/#Firmware"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/vu/JVNVU99392903/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:tp-link:archer_c55_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "archer_c55_firmware",
                "vendor": "tp-link",
                "versions": [
                  {
                    "lessThan": "230506",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:tp-link:archer_c50_v3_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "archer_c50_v3_firmware",
                "vendor": "tp-link",
                "versions": [
                  {
                    "lessThan": "230505",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:tp-link:archer_c20_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "archer_c20_firmware",
                "vendor": "tp-link",
                "versions": [
                  {
                    "lessThan": "230616",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "ADJACENT_NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-31188",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-27T20:18:40.293656Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-78",
                    "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-27T20:50:29.101Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Archer C50",
              "vendor": "TP-LINK",
              "versions": [
                {
                  "status": "affected",
                  "version": "firmware versions prior to \u0027Archer C50(JP)_V3_230505\u0027"
                }
              ]
            },
            {
              "product": "Archer C55",
              "vendor": "TP-LINK",
              "versions": [
                {
                  "status": "affected",
                  "version": "firmware versions prior to \u0027Archer C55(JP)_V1_230506\u0027"
                }
              ]
            },
            {
              "product": "Archer C20",
              "vendor": "TP-LINK",
              "versions": [
                {
                  "status": "affected",
                  "version": "firmware versions prior to \u0027Archer C20(JP)_V1_230616\u0027"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple TP-LINK products allow a network-adjacent authenticated attacker to execute arbitrary OS commands. Affected products/versions are as follows: Archer C50 firmware versions prior to \u0027Archer C50(JP)_V3_230505\u0027, Archer C55 firmware versions prior to \u0027Archer C55(JP)_V1_230506\u0027, and Archer C20 firmware versions prior to \u0027Archer C20(JP)_V1_230616\u0027."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "OS command injection",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-09-06T09:28:18.168Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.tp-link.com/jp/support/download/archer-c50/v3/#Firmware"
            },
            {
              "url": "https://www.tp-link.com/jp/support/download/archer-c55/#Firmware"
            },
            {
              "url": "https://www.tp-link.com/jp/support/download/archer-c20/v1/#Firmware"
            },
            {
              "url": "https://jvn.jp/en/vu/JVNVU99392903/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2023-31188",
        "datePublished": "2023-09-06T09:28:18.168Z",
        "dateReserved": "2023-08-15T07:33:36.680Z",
        "dateUpdated": "2024-09-27T20:50:29.101Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-32619 (GCVE-0-2023-32619)

    Vulnerability from cvelistv5 – Published: 2023-09-06 09:27 – Updated: 2024-09-26 20:19
    VLAI
    Summary
    Archer C50 firmware versions prior to 'Archer C50(JP)_V3_230505' and Archer C55 firmware versions prior to 'Archer C55(JP)_V1_230506' use hard-coded credentials to login to the affected device, which may allow a network-adjacent unauthenticated attacker to execute an arbitrary OS command.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Use of Hard-coded Credentials
    • CWE-798 - Use of Hard-coded Credentials
    Assigner
    Impacted products
    Vendor Product Version
    TP-LINK Archer C50 Affected: firmware versions prior to 'Archer C50(JP)_V3_230505'
    Create a notification for this product.
    TP-LINK Archer C55 Affected: firmware versions prior to 'Archer C55(JP)_V1_230506'
    Create a notification for this product.
    tp-link archer_c55_firmware Affected: 0 , < 230506 (custom)
        cpe:2.3:o:tp-link:archer_c55_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    tp-link archer_c50_v3_firmware Affected: 0 , < 230505 (custom)
        cpe:2.3:o:tp-link:archer_c50_v3_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T15:25:35.693Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.tp-link.com/jp/support/download/archer-c50/v3/#Firmware"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.tp-link.com/jp/support/download/archer-c55/#Firmware"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/vu/JVNVU99392903/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:tp-link:archer_c55_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "archer_c55_firmware",
                "vendor": "tp-link",
                "versions": [
                  {
                    "lessThan": "230506",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:tp-link:archer_c50_v3_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "archer_c50_v3_firmware",
                "vendor": "tp-link",
                "versions": [
                  {
                    "lessThan": "230505",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "ADJACENT_NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-32619",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-26T20:10:36.573148Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-798",
                    "description": "CWE-798 Use of Hard-coded Credentials",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-26T20:19:58.978Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Archer C50",
              "vendor": "TP-LINK",
              "versions": [
                {
                  "status": "affected",
                  "version": "firmware versions prior to \u0027Archer C50(JP)_V3_230505\u0027"
                }
              ]
            },
            {
              "product": "Archer C55",
              "vendor": "TP-LINK",
              "versions": [
                {
                  "status": "affected",
                  "version": "firmware versions prior to \u0027Archer C55(JP)_V1_230506\u0027"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Archer C50 firmware versions prior to \u0027Archer C50(JP)_V3_230505\u0027 and Archer C55 firmware versions prior to \u0027Archer C55(JP)_V1_230506\u0027 use hard-coded credentials to login to the affected device, which may allow a network-adjacent unauthenticated attacker to execute an arbitrary OS command."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Use of Hard-coded Credentials",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-09-06T09:27:44.114Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.tp-link.com/jp/support/download/archer-c50/v3/#Firmware"
            },
            {
              "url": "https://www.tp-link.com/jp/support/download/archer-c55/#Firmware"
            },
            {
              "url": "https://jvn.jp/en/vu/JVNVU99392903/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2023-32619",
        "datePublished": "2023-09-06T09:27:44.114Z",
        "dateReserved": "2023-08-15T07:33:32.104Z",
        "dateUpdated": "2024-09-26T20:19:58.978Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-0936 (GCVE-0-2023-0936)

    Vulnerability from cvelistv5 – Published: 2023-02-21 09:24 – Updated: 2025-03-12 15:19
    VLAI
    Title
    TP-Link Archer C50 Web Management Interface denial of service
    Summary
    A vulnerability was found in TP-Link Archer C50 V2_160801. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Web Management Interface. The manipulation leads to denial of service. The attack can only be initiated within the local network. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-221552.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.221552 vdb-entrytechnical-descriptionexploit
    https://vuldb.com/?ctiid.221552 signature
    Impacted products
    Vendor Product Version
    TP-Link Archer C50 Affected: V2_160801
    Create a notification for this product.
    Credits
    a2ure (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T05:32:45.158Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "technical-description",
                  "exploit",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.221552"
              },
              {
                "tags": [
                  "signature",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?ctiid.221552"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-0936",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-12T15:18:43.787462Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-12T15:19:02.447Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "modules": [
                "Web Management Interface"
              ],
              "product": "Archer C50",
              "vendor": "TP-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "V2_160801"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "analyst",
              "value": "a2ure (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in TP-Link Archer C50 V2_160801. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Web Management Interface. The manipulation leads to denial of service. The attack can only be initiated within the local network. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-221552."
            },
            {
              "lang": "de",
              "value": "Eine problematische Schwachstelle wurde in TP-Link Archer C50 V2_160801 ausgemacht. Dies betrifft einen unbekannten Teil der Komponente Web Management Interface. Dank Manipulation mit unbekannten Daten kann eine denial of service-Schwachstelle ausgenutzt werden. Der Angriff kann im lokalen Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.1,
                "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-404",
                  "description": "CWE-404 Denial of Service",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-20T21:33:29.352Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "technical-description",
                "exploit"
              ],
              "url": "https://vuldb.com/?id.221552"
            },
            {
              "tags": [
                "signature"
              ],
              "url": "https://vuldb.com/?ctiid.221552"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2023-02-21T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2023-02-21T00:00:00.000Z",
              "value": "CVE reserved"
            },
            {
              "lang": "en",
              "time": "2023-02-21T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2023-03-27T22:56:50.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "TP-Link Archer C50 Web Management Interface denial of service"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2023-0936",
        "datePublished": "2023-02-21T09:24:29.992Z",
        "dateReserved": "2023-02-21T09:22:35.190Z",
        "dateUpdated": "2025-03-12T15:19:02.447Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }