ID

VAR-202303-1268


CVE

CVE-2023-1389


TITLE

TP-LINK Technologies  of  archer ax21  Command injection vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2023-005522

DESCRIPTION

TP-Link Archer AX21 (AX1800) firmware versions before 1.1.4 Build 20230219 contained a command injection vulnerability in the country form of the /cgi-bin/luci;stok=/locale endpoint on the web management interface. Specifically, the country parameter of the write operation was not sanitized before being used in a call to popen(), allowing an unauthenticated attacker to inject commands, which would be run as root, with a simple POST request. (DoS) It may be in a state. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Archer AX21 routers. Authentication is not required to exploit this vulnerability.The specific flaw exists within the merge_country_config function. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute arbitrary code in the context of root. TP-Link Archer AX21 AX1800 is a TP-Link WIFI6 router. There is a command injection vulnerability in TP-Link Archer AX21 AX1800. The vulnerability comes from not filtering user input

Trust: 2.88

sources: NVD: CVE-2023-1389 // JVNDB: JVNDB-2023-005522 // ZDI: ZDI-23-451 // CNVD: CNVD-2023-17902 // VULMON: CVE-2023-1389

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2023-17902

AFFECTED PRODUCTS

vendor:tp linkmodel:archer ax21scope: - version: -

Trust: 1.5

vendor:tp linkmodel:archer ax21scope:ltversion:1.1.4

Trust: 1.0

vendor:tp linkmodel:archer ax21scope:eqversion: -

Trust: 0.8

vendor:tp linkmodel:archer ax21scope:eqversion:archer ax21 firmware 1.1.4

Trust: 0.8

vendor:tp linkmodel:archer ax21 ax1800 buildscope:ltversion:1.1.420230219

Trust: 0.6

sources: ZDI: ZDI-23-451 // CNVD: CNVD-2023-17902 // JVNDB: JVNDB-2023-005522 // NVD: CVE-2023-1389

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2023-1389
value: HIGH

Trust: 1.0

NVD: CVE-2023-1389
value: HIGH

Trust: 0.8

ZDI: CVE-2023-1389
value: HIGH

Trust: 0.7

CNVD: CNVD-2023-17902
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202303-1280
value: HIGH

Trust: 0.6

CNVD: CNVD-2023-17902
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2023-1389
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2023-1389
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

ZDI: CVE-2023-1389
baseSeverity: HIGH
baseScore: 8.8
vectorString: AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 0.7

sources: ZDI: ZDI-23-451 // CNVD: CNVD-2023-17902 // JVNDB: JVNDB-2023-005522 // CNNVD: CNNVD-202303-1280 // NVD: CVE-2023-1389

PROBLEMTYPE DATA

problemtype:CWE-77

Trust: 1.0

problemtype:Command injection (CWE-77) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2023-005522 // NVD: CVE-2023-1389

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202303-1280

TYPE

command injection

Trust: 0.6

sources: CNNVD: CNNVD-202303-1280

PATCH

title:TP-Link has issued an update to correct this vulnerability.#Firmwareurl:https://www.tp-link.com/us/support/download/archer-ax21/v3/

Trust: 0.7

title:Patch for TP-Link Archer AX21 AX1800 Command Injection Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/415346

Trust: 0.6

title:TP-LINK Archer AX21 Fixes for command injection vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=229752

Trust: 0.6

sources: ZDI: ZDI-23-451 // CNVD: CNVD-2023-17902 // CNNVD: CNNVD-202303-1280

EXTERNAL IDS

db:NVDid:CVE-2023-1389

Trust: 4.6

db:TENABLEid:TRA-2023-11

Trust: 2.5

db:PACKETSTORMid:174131

Trust: 1.8

db:JVNDBid:JVNDB-2023-005522

Trust: 0.8

db:ZDI_CANid:ZDI-CAN-19557

Trust: 0.7

db:ZDIid:ZDI-23-451

Trust: 0.7

db:SEEBUGid:SSVID-99657

Trust: 0.6

db:CNVDid:CNVD-2023-17902

Trust: 0.6

db:CNNVDid:CNNVD-202303-1280

Trust: 0.6

db:VULMONid:CVE-2023-1389

Trust: 0.1

sources: ZDI: ZDI-23-451 // CNVD: CNVD-2023-17902 // VULMON: CVE-2023-1389 // JVNDB: JVNDB-2023-005522 // CNNVD: CNNVD-202303-1280 // NVD: CVE-2023-1389

REFERENCES

url:https://www.tenable.com/security/research/tra-2023-11

Trust: 2.5

url:http://packetstormsecurity.com/files/174131/tp-link-archer-ax21-command-injection.html

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2023-1389

Trust: 0.8

url:https://www.cisa.gov/known-exploited-vulnerabilities-catalog

Trust: 0.8

url:https://www.tp-link.com/us/support/download/archer-ax21/v3/

Trust: 0.7

url:https://www.seebug.org/vuldb/ssvid-99657

Trust: 0.6

url:https://cxsecurity.com/cveshow/cve-2023-1389/

Trust: 0.6

url:https://nvd.nist.gov

Trust: 0.1

sources: ZDI: ZDI-23-451 // CNVD: CNVD-2023-17902 // VULMON: CVE-2023-1389 // JVNDB: JVNDB-2023-005522 // CNNVD: CNNVD-202303-1280 // NVD: CVE-2023-1389

CREDITS

rskvp93, Q5Ca, and hoangnx99 from VcsLab of Viettel Cyber Security and Pham Nguyen Ngoc Bien & Dang Minh Tri from Qrious Secure

Trust: 0.7

sources: ZDI: ZDI-23-451

SOURCES

db:ZDIid:ZDI-23-451
db:CNVDid:CNVD-2023-17902
db:VULMONid:CVE-2023-1389
db:JVNDBid:JVNDB-2023-005522
db:CNNVDid:CNNVD-202303-1280
db:NVDid:CVE-2023-1389

LAST UPDATE DATE

2024-08-14T14:10:12.440000+00:00


SOURCES UPDATE DATE

db:ZDIid:ZDI-23-451date:2023-04-24T00:00:00
db:CNVDid:CNVD-2023-17902date:2023-03-17T00:00:00
db:VULMONid:CVE-2023-1389date:2023-03-16T00:00:00
db:JVNDBid:JVNDB-2023-005522date:2023-11-08T07:24:00
db:CNNVDid:CNNVD-202303-1280date:2023-03-22T00:00:00
db:NVDid:CVE-2023-1389date:2024-06-27T19:30:19.467

SOURCES RELEASE DATE

db:ZDIid:ZDI-23-451date:2023-04-24T00:00:00
db:CNVDid:CNVD-2023-17902date:2023-03-17T00:00:00
db:VULMONid:CVE-2023-1389date:2023-03-15T00:00:00
db:JVNDBid:JVNDB-2023-005522date:2023-11-08T00:00:00
db:CNNVDid:CNNVD-202303-1280date:2023-03-15T00:00:00
db:NVDid:CVE-2023-1389date:2023-03-15T23:15:09.403