Details of VAR-202303-1296

ID

VAR-202303-1296

CVE

CVE-2023-27333

TITLE

TP-Link Archer AX21 tmpServer Command 0x422 Stack-based Buffer Overflow Remote Code Execution Vulnerability

Trust: 0.7

sources: ZDI: ZDI-23-244

DESCRIPTION

TP-Link Archer AX21 tmpServer Command 0x422 Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Archer AX21 routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of command 0x422 provided to the tmpServer service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-19905

Trust: 1.62

sources: NVD: CVE-2023-27333 // ZDI: ZDI-23-244 // VULMON: CVE-2023-27333

AFFECTED PRODUCTS

vendor:

tp link

model:

archer ax21

scope:

version:

Trust: 0.7

sources: ZDI: ZDI-23-244

CVSS

SEVERITY

CVSSV2

CVSSV3

zdi-disclosures@trendmicro.com:	CVE-2023-27333
value:	MEDIUM
Trust: 1.0
ZDI:	CVE-2023-27333
value:	MEDIUM
Trust: 0.7

zdi-disclosures@trendmicro.com:	CVE-2023-27333
baseSeverity:	MEDIUM
baseScore:	6.8
vectorString:	CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	0.9
impactScore:	5.9
version:	3.0
Trust: 1.0
ZDI:	CVE-2023-27333
baseSeverity:	MEDIUM
baseScore:	6.8
vectorString:	AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	0.9
impactScore:	5.9
version:	3.0
Trust: 0.7

sources: ZDI: ZDI-23-244 // NVD: CVE-2023-27333

PROBLEMTYPE DATA

problemtype:

CWE-121

Trust: 1.0

sources: NVD: CVE-2023-27333

PATCH

title:

Fixed in Archer AX21 version V3230219 #Firmware

url:

https://www.tp-link.com/us/support/download/archer-ax21/

Trust: 0.7

sources: ZDI: ZDI-23-244

EXTERNAL IDS

db:	NVD	id:	CVE-2023-27333	Trust: 1.8
db:	ZDI	id:	ZDI-23-244	Trust: 1.8
db:	ZDI_CAN	id:	ZDI-CAN-19905	Trust: 0.7
db:	VULMON	id:	CVE-2023-27333	Trust: 0.1

sources: ZDI: ZDI-23-244 // VULMON: CVE-2023-27333 // NVD: CVE-2023-27333

REFERENCES

url:	https://www.zerodayinitiative.com/advisories/zdi-23-244/	Trust: 1.1
url:	https://www.tp-link.com/us/support/download/archer-ax21/	Trust: 0.7

sources: ZDI: ZDI-23-244 // VULMON: CVE-2023-27333 // NVD: CVE-2023-27333

CREDITS

Pumpkin, working with DEVCORE Internship Program

Trust: 0.7

sources: ZDI: ZDI-23-244

SOURCES

db:	ZDI	id:	ZDI-23-244
db:	VULMON	id:	CVE-2023-27333
db:	NVD	id:	CVE-2023-27333

LAST UPDATE DATE

2024-09-19T22:53:42.629000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-23-244	date:	2023-03-15T00:00:00
db:	NVD	id:	CVE-2023-27333	date:	2024-09-18T19:15:19.800

SOURCES RELEASE DATE

db:	ZDI	id:	ZDI-23-244	date:	2023-03-15T00:00:00
db:	NVD	id:	CVE-2023-27333	date:	2024-05-03T02:15:10.273