Products
TP-LINK
Source
vultures@jpcert.or.jp
Tags
CVE-2024-38471 details
Published : July 4, 2024, 1:15 a.m.
Last Modified : July 4, 2024, 1:15 a.m.
Last Modified : July 4, 2024, 1:15 a.m.
Description
Multiple TP-LINK products allow a network-adjacent attacker with an administrative privilege to execute arbitrary OS commands by restoring a crafted backup file. The affected device, with the initial configuration, allows login only from the LAN port or Wi-Fi.
CVSS Score
| 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 |
|---|
Weakness
| Weakness | Name | Description |
|---|
References
| URL | Source |
|---|---|
| https://jvn.jp/en/vu/JVNVU99784493/ | vultures@jpcert.or.jp |
| https://www.tp-link.com/jp/support/download/ | vultures@jpcert.or.jp |
| https://www.tp-link.com/jp/support/download/archer-air-r5/v1/#Firmware | vultures@jpcert.or.jp |
| https://www.tp-link.com/jp/support/download/archer-ax3000/#Firmware | vultures@jpcert.or.jp |
| https://www.tp-link.com/jp/support/download/archer-ax5400/#Firmware | vultures@jpcert.or.jp |
| https://www.tp-link.com/jp/support/download/archer-axe5400/#Firmware | vultures@jpcert.or.jp |
| https://www.tp-link.com/jp/support/download/archer-axe75/#Firmware | vultures@jpcert.or.jp |
This website uses the NVD API, but is not approved or certified by it.