CVE-2024-38471

July 4, 2024, 1:15 a.m.

None
No Score

Description

Multiple TP-LINK products allow a network-adjacent attacker with an administrative privilege to execute arbitrary OS commands by restoring a crafted backup file. The affected device, with the initial configuration, allows login only from the LAN port or Wi-Fi.

Product(s) Impacted

Product Versions
TP-LINK

Weaknesses

References

https://jvn.jp/en/vu/JVNVU99784493/
https://www.tp-link.com/jp/support/download/
https://www.tp-link.com/jp/support/download/archer-air-r5/v1/#Firmware
https://www.tp-link.com/jp/support/download/archer-ax3000/#Firmware
https://www.tp-link.com/jp/support/download/archer-ax5400/#Firmware
https://www.tp-link.com/jp/support/download/archer-axe5400/#Firmware
https://www.tp-link.com/jp/support/download/archer-axe75/#Firmware

Tags

vultures@jpcert.or.jp
2024-07-04
CVE-2024-38471

Date

  • Published: July 4, 2024, 1:15 a.m.
  • Last Modified: July 4, 2024, 1:15 a.m.

Status : Received

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

vultures@jpcert.or.jp

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.