Details of VAR-202304-1960

ID

VAR-202304-1960

CVE

CVE-2023-27359

TITLE

TP-LINK Technologies of archer ax21 Race condition vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2023-029396

DESCRIPTION

TP-Link AX1800 hotplugd Firewall Rule Race Condition Vulnerability. This vulnerability allows remote attackers to gain access to LAN-side services on affected installations of TP-Link Archer AX21 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the hotplugd daemon. The issue results from firewall rule handling that allows an attacker access to resources that should be available to the LAN interface only. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the root user. Was ZDI-CAN-19664. TP-LINK Technologies of archer ax21 A race condition vulnerability exists in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TP-LINK AX1800 is a dual-band Wi-Fi 6 router from China's TP-LINK

Trust: 2.79

sources: NVD: CVE-2023-27359 // JVNDB: JVNDB-2023-029396 // ZDI: ZDI-23-452 // CNVD: CNVD-2025-03273

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-03273

AFFECTED PRODUCTS

vendor:	tp link	model:	ax1800	scope:	-	version:	-	Trust: 1.3
vendor:	tp link	model:	archer ax21	scope:	eq	version:	1.1.1	Trust: 1.0
vendor:	tp link	model:	archer ax21	scope:	eq	version:	-	Trust: 0.8
vendor:	tp link	model:	archer ax21	scope:	eq	version:	archer ax21 firmware 1.1.1	Trust: 0.8
vendor:	tp link	model:	archer ax21	scope:	-	version:	-	Trust: 0.8

sources: ZDI: ZDI-23-452 // CNVD: CNVD-2025-03273 // JVNDB: JVNDB-2023-029396 // NVD: CVE-2023-27359

CVSS

SEVERITY

CVSSV2

CVSSV3

zdi-disclosures@trendmicro.com:	CVE-2023-27359
value:	CRITICAL
Trust: 1.0
nvd@nist.gov:	CVE-2023-27359
value:	HIGH
Trust: 1.0
NVD:	CVE-2023-27359
value:	HIGH
Trust: 0.8
ZDI:	CVE-2023-27359
value:	CRITICAL
Trust: 0.7
CNVD:	CNVD-2025-03273
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2025-03273
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

zdi-disclosures@trendmicro.com:	CVE-2023-27359
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 1.0
nvd@nist.gov:	CVE-2023-27359
baseSeverity:	HIGH
baseScore:	8.1
vectorString:	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.2
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2023-27359
baseSeverity:	HIGH
baseScore:	8.1
vectorString:	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8
ZDI:	CVE-2023-27359
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 0.7

sources: ZDI: ZDI-23-452 // CNVD: CNVD-2025-03273 // JVNDB: JVNDB-2023-029396 // NVD: CVE-2023-27359 // NVD: CVE-2023-27359

PROBLEMTYPE DATA

problemtype:	CWE-362	Trust: 1.0
problemtype:	Race condition (CWE-362) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2023-029396 // NVD: CVE-2023-27359

PATCH

title:	TP-Link has issued an update to correct this vulnerability.#Firmware	url:	https://www.tp-link.com/us/support/download/archer-ax21/v3/	Trust: 0.7
title:	Patch for TP-LINK AX1800 race condition vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/656851	Trust: 0.6

sources: ZDI: ZDI-23-452 // CNVD: CNVD-2025-03273

EXTERNAL IDS

db:	NVD	id:	CVE-2023-27359	Trust: 3.9
db:	ZDI	id:	ZDI-23-452	Trust: 2.5
db:	JVNDB	id:	JVNDB-2023-029396	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-19664	Trust: 0.7
db:	CNVD	id:	CNVD-2025-03273	Trust: 0.6

sources: ZDI: ZDI-23-452 // CNVD: CNVD-2025-03273 // JVNDB: JVNDB-2023-029396 // NVD: CVE-2023-27359

REFERENCES

url:	https://www.zerodayinitiative.com/advisories/zdi-23-452/	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2023-27359	Trust: 1.4
url:	https://www.tp-link.com/us/support/download/archer-ax21/v3/	Trust: 0.7

sources: ZDI: ZDI-23-452 // CNVD: CNVD-2025-03273 // JVNDB: JVNDB-2023-029396 // NVD: CVE-2023-27359

CREDITS

Pham Nguyen Ngoc Bien & Dang Minh Tri from Qrious Secure

Trust: 0.7

sources: ZDI: ZDI-23-452

SOURCES

db:	ZDI	id:	ZDI-23-452
db:	CNVD	id:	CNVD-2025-03273
db:	JVNDB	id:	JVNDB-2023-029396
db:	NVD	id:	CVE-2023-27359

LAST UPDATE DATE

2025-08-09T23:19:05.648000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-23-452	date:	2023-04-24T00:00:00
db:	CNVD	id:	CNVD-2025-03273	date:	2025-02-20T00:00:00
db:	JVNDB	id:	JVNDB-2023-029396	date:	2025-08-07T06:54:00
db:	NVD	id:	CVE-2023-27359	date:	2025-08-06T14:21:22.323

SOURCES RELEASE DATE

db:	ZDI	id:	ZDI-23-452	date:	2023-04-24T00:00:00
db:	CNVD	id:	CNVD-2025-03273	date:	2025-02-20T00:00:00
db:	JVNDB	id:	JVNDB-2023-029396	date:	2025-08-07T00:00:00
db:	NVD	id:	CVE-2023-27359	date:	2024-05-03T02:15:13.833