Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for Archer C7 by TP-LINK

    CVE-2023-39224 (GCVE-0-2023-39224)

    Vulnerability from nvd – Published: 2023-09-06 09:22 – Updated: 2024-09-26 20:13
    VLAI
    Summary
    Archer C5 firmware all versions and Archer C7 firmware versions prior to 'Archer C7(JP)_V2_230602' allow a network-adjacent authenticated attacker to execute arbitrary OS commands. Note that Archer C5 is no longer supported, therefore the update for this product is not provided.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • OS command injection
    Assigner
    Impacted products
    Vendor Product Version
    TP-LINK Archer C5 Affected: firmware all versions
    Create a notification for this product.
    TP-LINK Archer C7 Affected: firmware versions prior to 'Archer C7(JP)_V2_230602'
    Create a notification for this product.
    tp-link archer_c5 Affected: 0 , < * (custom)
        cpe:2.3:h:tp-link:archer_c5:-:*:*:*:*:*:*:*
    Create a notification for this product.
    tp-link archer_c7_firmware Affected: v2_230602
        cpe:2.3:o:tp-link:archer_c7_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T18:02:06.563Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.tp-link.com/jp/support/download/archer-c7/v2/#Firmware"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/vu/JVNVU99392903/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:h:tp-link:archer_c5:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "archer_c5",
                "vendor": "tp-link",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:tp-link:archer_c7_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "archer_c7_firmware",
                "vendor": "tp-link",
                "versions": [
                  {
                    "status": "affected",
                    "version": "v2_230602"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-39224",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-26T20:11:36.456112Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-26T20:13:06.770Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Archer C5",
              "vendor": "TP-LINK",
              "versions": [
                {
                  "status": "affected",
                  "version": "firmware all versions"
                }
              ]
            },
            {
              "product": "Archer C7",
              "vendor": "TP-LINK",
              "versions": [
                {
                  "status": "affected",
                  "version": "firmware versions prior to \u0027Archer C7(JP)_V2_230602\u0027"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Archer C5 firmware all versions and Archer C7 firmware versions prior to \u0027Archer C7(JP)_V2_230602\u0027 allow a network-adjacent authenticated attacker to execute arbitrary OS commands. Note that Archer C5 is no longer supported, therefore the update for this product is not provided."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "OS command injection",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-09-06T09:22:59.282Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.tp-link.com/jp/support/download/archer-c7/v2/#Firmware"
            },
            {
              "url": "https://jvn.jp/en/vu/JVNVU99392903/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2023-39224",
        "datePublished": "2023-09-06T09:22:59.282Z",
        "dateReserved": "2023-08-15T07:33:33.886Z",
        "dateUpdated": "2024-09-26T20:13:06.770Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-39224 (GCVE-0-2023-39224)

    Vulnerability from cvelistv5 – Published: 2023-09-06 09:22 – Updated: 2024-09-26 20:13
    VLAI
    Summary
    Archer C5 firmware all versions and Archer C7 firmware versions prior to 'Archer C7(JP)_V2_230602' allow a network-adjacent authenticated attacker to execute arbitrary OS commands. Note that Archer C5 is no longer supported, therefore the update for this product is not provided.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • OS command injection
    Assigner
    Impacted products
    Vendor Product Version
    TP-LINK Archer C5 Affected: firmware all versions
    Create a notification for this product.
    TP-LINK Archer C7 Affected: firmware versions prior to 'Archer C7(JP)_V2_230602'
    Create a notification for this product.
    tp-link archer_c5 Affected: 0 , < * (custom)
        cpe:2.3:h:tp-link:archer_c5:-:*:*:*:*:*:*:*
    Create a notification for this product.
    tp-link archer_c7_firmware Affected: v2_230602
        cpe:2.3:o:tp-link:archer_c7_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T18:02:06.563Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.tp-link.com/jp/support/download/archer-c7/v2/#Firmware"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/vu/JVNVU99392903/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:h:tp-link:archer_c5:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "archer_c5",
                "vendor": "tp-link",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:tp-link:archer_c7_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "archer_c7_firmware",
                "vendor": "tp-link",
                "versions": [
                  {
                    "status": "affected",
                    "version": "v2_230602"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-39224",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-26T20:11:36.456112Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-26T20:13:06.770Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Archer C5",
              "vendor": "TP-LINK",
              "versions": [
                {
                  "status": "affected",
                  "version": "firmware all versions"
                }
              ]
            },
            {
              "product": "Archer C7",
              "vendor": "TP-LINK",
              "versions": [
                {
                  "status": "affected",
                  "version": "firmware versions prior to \u0027Archer C7(JP)_V2_230602\u0027"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Archer C5 firmware all versions and Archer C7 firmware versions prior to \u0027Archer C7(JP)_V2_230602\u0027 allow a network-adjacent authenticated attacker to execute arbitrary OS commands. Note that Archer C5 is no longer supported, therefore the update for this product is not provided."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "OS command injection",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-09-06T09:22:59.282Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.tp-link.com/jp/support/download/archer-c7/v2/#Firmware"
            },
            {
              "url": "https://jvn.jp/en/vu/JVNVU99392903/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2023-39224",
        "datePublished": "2023-09-06T09:22:59.282Z",
        "dateReserved": "2023-08-15T07:33:33.886Z",
        "dateUpdated": "2024-09-26T20:13:06.770Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }