CVE-2023-40357 : Multiple TP-LINK products allow a network-adjacent authenticated attacker to exe

Multiple TP-LINK products allow a network-adjacent authenticated attacker to execute arbitrary OS commands. Affected products/versions are as follows: Archer AX50 firmware versions prior to 'Archer AX50(JP)_V1_230529', Archer A10 firmware versions prior to 'Archer A10(JP)_V2_230504', Archer AX10 firmware versions prior to 'Archer AX10(JP)_V1.2_230508', and Archer AX11000 firmware versions prior to 'Archer AX11000(JP)_V1_230523'.

Published 2023-09-06 10:15:15

Updated 2024-09-27 20:35:08

Source JPCERT/CC

View at NVD, CVE.org

Products affected by CVE-2023-40357

Tp-link » Archer Ax10 Firmware
Versions before (<) 230508
cpe:2.3:o:tp-link:archer_ax10_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Tp-link » Archer Ax10 » Version: N/A
Tp-link » Archer Ax50 Firmware
Versions before (<) 230529
cpe:2.3:o:tp-link:archer_ax50_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Tp-link » Archer Ax50 » Version: 1.0
Tp-link » Archer A10 Firmware
Versions up to, including, (<=) 230504
cpe:2.3:o:tp-link:archer_a10_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Tp-link » Archer A10 » Version: N/A
Tp-link » Archer Ax11000 Firmware
Versions before (<) 230523
cpe:2.3:o:tp-link:archer_ax11000_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Tp-link » Archer Ax11000 » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2023-40357

EPSS FAQ

0.10%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 28 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2023-40357

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
8.0	HIGH	CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	2.1	5.9	134c704f-9b21-4f2e-91b3-4a467353bcc0	2024-09-27
Attack Vector: Adjacent Network Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High
8.0	HIGH	CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	2.1	5.9	NIST
Attack Vector: Adjacent Network Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2023-40357

CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
Assigned by:
- 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)
- nvd@nist.gov (Primary)

References for CVE-2023-40357

https://jvn.jp/en/vu/JVNVU99392903/

JVNVU#99392903: Multiple vulnerabilities in TP-Link products
Third Party Advisory

CVEs referencing this url
https://www.tp-link.com/jp/support/download/archer-ax10/#Firmware

Archer AX10 のコンテンツ | TP-Link 日本
Product
https://www.tp-link.com/jp/support/download/archer-ax50/#Firmware

Archer AX50 のコンテンツ | TP-Link 日本
Product
https://www.tp-link.com/jp/support/download/archer-ax11000/#Firmware

Archer AX11000 のコンテンツ | TP-Link 日本
Product
https://www.tp-link.com/jp/support/download/archer-a10/#Firmware

Archer A10 のコンテンツ | TP-Link 日本
Product

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2023-40357

Products affected by CVE-2023-40357

Exploit prediction scoring system (EPSS) score for CVE-2023-40357

CVSS scores for CVE-2023-40357

CWE ids for CVE-2023-40357

References for CVE-2023-40357