Sign-up

ID

VAR-202309-0276


CVE

CVE-2023-40357


TITLE

plural  TP-LINK Technologies  In the product  OS  Command injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2023-011818

DESCRIPTION

Multiple TP-LINK products allow a network-adjacent authenticated attacker to execute arbitrary OS commands. Affected products/versions are as follows: Archer AX50 firmware versions prior to 'Archer AX50(JP)_V1_230529', Archer A10 firmware versions prior to 'Archer A10(JP)_V2_230504', Archer AX10 firmware versions prior to 'Archer AX10(JP)_V1.2_230508', and Archer AX11000 firmware versions prior to 'Archer AX11000(JP)_V1_230523'. TP-LINK Technologies The product has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TP-LINK Archer is a series of routers from China TP-LINK Company. This vulnerability is caused by the application's failure to properly filter special characters, commands, etc. that construct commands

Trust: 2.16

sources: NVD: CVE-2023-40357 // JVNDB: JVNDB-2023-011818 // CNVD: CNVD-2023-83068

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2023-83068

AFFECTED PRODUCTS

vendor:tp linkmodel:archer ax50scope:ltversion:230529

Trust: 1.0

vendor:tp linkmodel:archer ax10scope:ltversion:230508

Trust: 1.0

vendor:tp linkmodel:archer ax11000scope:ltversion:230523

Trust: 1.0

vendor:tp linkmodel:archer a10scope:lteversion:230504

Trust: 1.0

vendor:tp linkmodel:archer ax11000scope: - version: -

Trust: 0.8

vendor:tp linkmodel:archer ax50scope: - version: -

Trust: 0.8

vendor:tp linkmodel:archer a10scope: - version: -

Trust: 0.8

vendor:tp linkmodel:archer ax10scope: - version: -

Trust: 0.8

vendor:tp linkmodel:archer ax50 <ax50 v1 230529scope: - version: -

Trust: 0.6

vendor:tp linkmodel:archer a10 <a10 v2 230504scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2023-83068 // JVNDB: JVNDB-2023-011818 // NVD: CVE-2023-40357

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2023-40357
value: HIGH

Trust: 1.8

CNVD: CNVD-2023-83068
value: HIGH

Trust: 0.6

CNVD: CNVD-2023-83068
severity: HIGH
baseScore: 7.7
vectorString: AV:A/AC:L/AU:S/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 5.1
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

NVD:
baseSeverity: HIGH
baseScore: 8.0
vectorString: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT_NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.1
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2023-40357
baseSeverity: HIGH
baseScore: 8.0
vectorString: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2023-83068 // JVNDB: JVNDB-2023-011818 // NVD: CVE-2023-40357

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.0

problemtype:OS Command injection (CWE-78) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2023-011818 // NVD: CVE-2023-40357

CONFIGURATIONS

sources:
            
            
            NVD: CVE-2023-40357

EXTERNAL IDS
db:NVDid:CVE-2023-40357
Trust: 3.2
db:JVNid:JVNVU99392903
Trust: 1.8
db:JVNDBid:JVNDB-2023-011818
Trust: 0.8
db:CNVDid:CNVD-2023-83068
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2023-83068 // 
            
            
            
            JVNDB: JVNDB-2023-011818 // 
            
            
            
            NVD: CVE-2023-40357

REFERENCES
url:https://jvn.jp/en/vu/jvnvu99392903/
Trust: 1.8
url:https://www.tp-link.com/jp/support/download/archer-a10/#firmware
Trust: 1.8
url:https://www.tp-link.com/jp/support/download/archer-ax10/#firmware
Trust: 1.8
url:https://www.tp-link.com/jp/support/download/archer-ax11000/#firmware
Trust: 1.8
url:https://www.tp-link.com/jp/support/download/archer-ax50/#firmware
Trust: 1.8
url:https://nvd.nist.gov/vuln/detail/cve-2023-40357
Trust: 1.4
sources:
            
            
            CNVD: CNVD-2023-83068 // 
            
            
            
            JVNDB: JVNDB-2023-011818 // 
            
            
            
            NVD: CVE-2023-40357

SOURCES
db:CNVDid:CNVD-2023-83068
db:JVNDBid:JVNDB-2023-011818
db:NVDid:CVE-2023-40357

LAST UPDATE DATE
2023-12-18T11:53:58.786000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2023-83068date:2023-11-03T00:00:00
db:JVNDBid:JVNDB-2023-011818date:2023-12-14T06:20:00
db:NVDid:CVE-2023-40357date:2023-09-11T13:42:13.197

SOURCES RELEASE DATE
db:CNVDid:CNVD-2023-83068date:2023-11-03T00:00:00
db:JVNDBid:JVNDB-2023-011818date:2023-12-14T00:00:00
db:NVDid:CVE-2023-40357date:2023-09-06T10:15:14.820