Search
Find a vulnerability
Search criteria
2 vulnerabilities found for Archer C7 by TP-LINK
CVE-2023-39224 (GCVE-0-2023-39224)
Vulnerability from nvd – Published: 2023-09-06 09:22 – Updated: 2024-09-26 20:13
VLAI
Summary
Archer C5 firmware all versions and Archer C7 firmware versions prior to 'Archer C7(JP)_V2_230602' allow a network-adjacent authenticated attacker to execute arbitrary OS commands. Note that Archer C5 is no longer supported, therefore the update for this product is not provided.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- OS command injection
Assigner
References
2 references
Impacted products
4 products
| Vendor | Product | Version | |
|---|---|---|---|
| TP-LINK | Archer C5 |
Affected:
firmware all versions
|
|
| TP-LINK | Archer C7 |
Affected:
firmware versions prior to 'Archer C7(JP)_V2_230602'
|
|
| tp-link | archer_c5 |
Affected:
0 , < *
(custom)
cpe:2.3:h:tp-link:archer_c5:-:*:*:*:*:*:*:* |
|
| tp-link | archer_c7_firmware |
Affected:
v2_230602
cpe:2.3:o:tp-link:archer_c7_firmware:-:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:02:06.563Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.tp-link.com/jp/support/download/archer-c7/v2/#Firmware"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU99392903/"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:tp-link:archer_c5:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "archer_c5",
"vendor": "tp-link",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:tp-link:archer_c7_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "archer_c7_firmware",
"vendor": "tp-link",
"versions": [
{
"status": "affected",
"version": "v2_230602"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-39224",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-26T20:11:36.456112Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-26T20:13:06.770Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Archer C5",
"vendor": "TP-LINK",
"versions": [
{
"status": "affected",
"version": "firmware all versions"
}
]
},
{
"product": "Archer C7",
"vendor": "TP-LINK",
"versions": [
{
"status": "affected",
"version": "firmware versions prior to \u0027Archer C7(JP)_V2_230602\u0027"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Archer C5 firmware all versions and Archer C7 firmware versions prior to \u0027Archer C7(JP)_V2_230602\u0027 allow a network-adjacent authenticated attacker to execute arbitrary OS commands. Note that Archer C5 is no longer supported, therefore the update for this product is not provided."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "OS command injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-06T09:22:59.282Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.tp-link.com/jp/support/download/archer-c7/v2/#Firmware"
},
{
"url": "https://jvn.jp/en/vu/JVNVU99392903/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-39224",
"datePublished": "2023-09-06T09:22:59.282Z",
"dateReserved": "2023-08-15T07:33:33.886Z",
"dateUpdated": "2024-09-26T20:13:06.770Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-39224 (GCVE-0-2023-39224)
Vulnerability from cvelistv5 – Published: 2023-09-06 09:22 – Updated: 2024-09-26 20:13
VLAI
Summary
Archer C5 firmware all versions and Archer C7 firmware versions prior to 'Archer C7(JP)_V2_230602' allow a network-adjacent authenticated attacker to execute arbitrary OS commands. Note that Archer C5 is no longer supported, therefore the update for this product is not provided.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- OS command injection
Assigner
References
2 references
Impacted products
4 products
| Vendor | Product | Version | |
|---|---|---|---|
| TP-LINK | Archer C5 |
Affected:
firmware all versions
|
|
| TP-LINK | Archer C7 |
Affected:
firmware versions prior to 'Archer C7(JP)_V2_230602'
|
|
| tp-link | archer_c5 |
Affected:
0 , < *
(custom)
cpe:2.3:h:tp-link:archer_c5:-:*:*:*:*:*:*:* |
|
| tp-link | archer_c7_firmware |
Affected:
v2_230602
cpe:2.3:o:tp-link:archer_c7_firmware:-:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:02:06.563Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.tp-link.com/jp/support/download/archer-c7/v2/#Firmware"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU99392903/"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:tp-link:archer_c5:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "archer_c5",
"vendor": "tp-link",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:tp-link:archer_c7_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "archer_c7_firmware",
"vendor": "tp-link",
"versions": [
{
"status": "affected",
"version": "v2_230602"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-39224",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-26T20:11:36.456112Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-26T20:13:06.770Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Archer C5",
"vendor": "TP-LINK",
"versions": [
{
"status": "affected",
"version": "firmware all versions"
}
]
},
{
"product": "Archer C7",
"vendor": "TP-LINK",
"versions": [
{
"status": "affected",
"version": "firmware versions prior to \u0027Archer C7(JP)_V2_230602\u0027"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Archer C5 firmware all versions and Archer C7 firmware versions prior to \u0027Archer C7(JP)_V2_230602\u0027 allow a network-adjacent authenticated attacker to execute arbitrary OS commands. Note that Archer C5 is no longer supported, therefore the update for this product is not provided."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "OS command injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-06T09:22:59.282Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.tp-link.com/jp/support/download/archer-c7/v2/#Firmware"
},
{
"url": "https://jvn.jp/en/vu/JVNVU99392903/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-39224",
"datePublished": "2023-09-06T09:22:59.282Z",
"dateReserved": "2023-08-15T07:33:33.886Z",
"dateUpdated": "2024-09-26T20:13:06.770Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}