Sign-up

ID

VAR-202304-1960


CVE

CVE-2023-27359


TITLE

(Pwn2Own) TP-Link AX1800 hotplugd Firewall Rule Race Condition Vulnerability

Trust: 0.7

sources: ZDI: ZDI-23-452

DESCRIPTION

TP-Link AX1800 hotplugd Firewall Rule Race Condition Vulnerability. This vulnerability allows remote attackers to gain access to LAN-side services on affected installations of TP-Link Archer AX21 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the hotplugd daemon. The issue results from firewall rule handling that allows an attacker access to resources that should be available to the LAN interface only. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the root user. Was ZDI-CAN-19664. TP-LINK AX1800 is a dual-band Wi-Fi 6 router from China's TP-LINK

Trust: 2.07

sources: NVD: CVE-2023-27359 // ZDI: ZDI-23-452 // CNVD: CNVD-2025-03273

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-03273

AFFECTED PRODUCTS

vendor:tp linkmodel:ax1800scope: - version: -

Trust: 1.3

sources: ZDI: ZDI-23-452 // CNVD: CNVD-2025-03273

CVSS

SEVERITY

CVSSV2

CVSSV3

zdi-disclosures@trendmicro.com: CVE-2023-27359
value: CRITICAL

Trust: 1.0

ZDI: CVE-2023-27359
value: CRITICAL

Trust: 0.7

CNVD: CNVD-2025-03273
value: HIGH

Trust: 0.6

CNVD: CNVD-2025-03273
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

zdi-disclosures@trendmicro.com: CVE-2023-27359
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.0

ZDI: CVE-2023-27359
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 0.7

sources: ZDI: ZDI-23-452 // CNVD: CNVD-2025-03273 // NVD: CVE-2023-27359

PROBLEMTYPE DATA

problemtype:CWE-362

Trust: 1.0

sources: NVD: CVE-2023-27359

PATCH

title:TP-Link has issued an update to correct this vulnerability.#Firmwareurl:https://www.tp-link.com/us/support/download/archer-ax21/v3/

Trust: 0.7

title:Patch for TP-LINK AX1800 race condition vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/656851

Trust: 0.6

sources: ZDI: ZDI-23-452 // CNVD: CNVD-2025-03273

EXTERNAL IDS

db:NVDid:CVE-2023-27359

Trust: 2.3

db:ZDIid:ZDI-23-452

Trust: 1.7

db:ZDI_CANid:ZDI-CAN-19664

Trust: 0.7

db:CNVDid:CNVD-2025-03273

Trust: 0.6

sources: ZDI: ZDI-23-452 // CNVD: CNVD-2025-03273 // NVD: CVE-2023-27359

REFERENCES

url:https://www.zerodayinitiative.com/advisories/zdi-23-452/

Trust: 1.0

url:https://www.tp-link.com/us/support/download/archer-ax21/v3/

Trust: 0.7

url:https://nvd.nist.gov/vuln/detail/cve-2023-27359

Trust: 0.6

sources: ZDI: ZDI-23-452 // CNVD: CNVD-2025-03273 // NVD: CVE-2023-27359

CREDITS

Pham Nguyen Ngoc Bien & Dang Minh Tri from Qrious Secure

Trust: 0.7

sources: ZDI: ZDI-23-452

SOURCES

db:ZDIid:ZDI-23-452
db:CNVDid:CNVD-2025-03273
db:NVDid:CVE-2023-27359

LAST UPDATE DATE

2025-02-22T23:30:06.481000+00:00


SOURCES UPDATE DATE

db:ZDIid:ZDI-23-452date:2023-04-24T00:00:00
db:CNVDid:CNVD-2025-03273date:2025-02-20T00:00:00
db:NVDid:CVE-2023-27359date:2024-09-18T19:15:19.970

SOURCES RELEASE DATE

db:ZDIid:ZDI-23-452date:2023-04-24T00:00:00
db:CNVDid:CNVD-2025-03273date:2025-02-20T00:00:00
db:NVDid:CVE-2023-27359date:2024-05-03T02:15:13.833