Sign-up

ID

VAR-202303-2602


CVE

CVE-2023-27346


TITLE

TP-LINK Technologies  of  archer ax21  Stack-based buffer overflow vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2023-029390

DESCRIPTION

TP-Link AX1800 Firmware Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link AX1800 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of firmware images. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-19703. TP-LINK Technologies of archer ax21 A stack-based buffer overflow vulnerability exists in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 2.25

sources: NVD: CVE-2023-27346 // JVNDB: JVNDB-2023-029390 // ZDI: ZDI-23-377

AFFECTED PRODUCTS

vendor:tp linkmodel:archer ax21scope:eqversion:1.1.1

Trust: 1.0

vendor:tp linkmodel:archer ax21scope:eqversion: -

Trust: 0.8

vendor:tp linkmodel:archer ax21scope:eqversion:archer ax21 firmware 1.1.1

Trust: 0.8

vendor:tp linkmodel:archer ax21scope: - version: -

Trust: 0.8

vendor:tp linkmodel:ax1800scope: - version: -

Trust: 0.7

sources: ZDI: ZDI-23-377 // JVNDB: JVNDB-2023-029390 // NVD: CVE-2023-27346

CVSS

SEVERITY

CVSSV2

CVSSV3

zdi-disclosures@trendmicro.com: CVE-2023-27346
value: HIGH

Trust: 1.0

OTHER: JVNDB-2023-029390
value: HIGH

Trust: 0.8

ZDI: CVE-2023-27346
value: HIGH

Trust: 0.7

zdi-disclosures@trendmicro.com: CVE-2023-27346
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.0

OTHER: JVNDB-2023-029390
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

ZDI: CVE-2023-27346
baseSeverity: HIGH
baseScore: 8.8
vectorString: AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 0.7

sources: ZDI: ZDI-23-377 // JVNDB: JVNDB-2023-029390 // NVD: CVE-2023-27346

PROBLEMTYPE DATA

problemtype:CWE-121

Trust: 1.0

problemtype:Stack-based buffer overflow (CWE-121) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2023-029390 // NVD: CVE-2023-27346

PATCH

title:Fixed in AX21 version V3230219#Firmwareurl:https://www.tp-link.com/us/support/download/archer-ax21/v3/

Trust: 0.7

sources: ZDI: ZDI-23-377

EXTERNAL IDS

db:NVDid:CVE-2023-27346

Trust: 3.3

db:ZDIid:ZDI-23-377

Trust: 2.5

db:JVNDBid:JVNDB-2023-029390

Trust: 0.8

db:ZDI_CANid:ZDI-CAN-19703

Trust: 0.7

sources: ZDI: ZDI-23-377 // JVNDB: JVNDB-2023-029390 // NVD: CVE-2023-27346

REFERENCES

url:https://www.zerodayinitiative.com/advisories/zdi-23-377/

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2023-27346

Trust: 0.8

url:https://www.tp-link.com/us/support/download/archer-ax21/v3/

Trust: 0.7

sources: ZDI: ZDI-23-377 // JVNDB: JVNDB-2023-029390 // NVD: CVE-2023-27346

CREDITS

Kevin Wang

Trust: 0.7

sources: ZDI: ZDI-23-377

SOURCES

db:ZDIid:ZDI-23-377
db:JVNDBid:JVNDB-2023-029390
db:NVDid:CVE-2023-27346

LAST UPDATE DATE

2025-08-09T23:13:46.225000+00:00


SOURCES UPDATE DATE

db:ZDIid:ZDI-23-377date:2023-03-31T00:00:00
db:JVNDBid:JVNDB-2023-029390date:2025-08-07T03:31:00
db:NVDid:CVE-2023-27346date:2025-08-06T14:23:12.220

SOURCES RELEASE DATE

db:ZDIid:ZDI-23-377date:2023-03-31T00:00:00
db:JVNDBid:JVNDB-2023-029390date:2025-08-07T00:00:00
db:NVDid:CVE-2023-27346date:2024-05-03T02:15:12.623