Sign-up

ID

VAR-202309-0276


CVE

CVE-2023-40357


DESCRIPTION

Multiple TP-LINK products allow a network-adjacent authenticated attacker to execute arbitrary OS commands. Affected products/versions are as follows: Archer AX50 firmware versions prior to 'Archer AX50(JP)_V1_230529', Archer A10 firmware versions prior to 'Archer A10(JP)_V2_230504', Archer AX10 firmware versions prior to 'Archer AX10(JP)_V1.2_230508', and Archer AX11000 firmware versions prior to 'Archer AX11000(JP)_V1_230523'.

Trust: 1.0

sources: NVD: CVE-2023-40357

AFFECTED PRODUCTS

vendor:tp linkmodel:archer ax10scope:ltversion:230508

Trust: 1.0

vendor:tp linkmodel:archer ax11000scope:ltversion:230523

Trust: 1.0

vendor:tp linkmodel:archer ax50scope:ltversion:230529

Trust: 1.0

vendor:tp linkmodel:archer a10scope:lteversion:230504

Trust: 1.0

sources: NVD: CVE-2023-40357

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2023-40357
value: HIGH

Trust: 1.0

NVD: CVE-2023-40357
baseSeverity: HIGH
baseScore: 8.0
vectorString: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT_NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.1
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: NVD: CVE-2023-40357

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.0

sources: NVD: CVE-2023-40357

CONFIGURATIONS

sources:
            
            
            NVD: CVE-2023-40357

EXTERNAL IDS
db:JVNid:JVNVU99392903
Trust: 1.0
db:NVDid:CVE-2023-40357
Trust: 1.0
sources:
            
            
            NVD: CVE-2023-40357

REFERENCES
url:https://www.tp-link.com/jp/support/download/archer-ax11000/#firmware
Trust: 1.0
url:https://www.tp-link.com/jp/support/download/archer-ax50/#firmware
Trust: 1.0
url:https://www.tp-link.com/jp/support/download/archer-a10/#firmware
Trust: 1.0
url:https://jvn.jp/en/vu/jvnvu99392903/
Trust: 1.0
url:https://www.tp-link.com/jp/support/download/archer-ax10/#firmware
Trust: 1.0
sources:
            
            
            NVD: CVE-2023-40357

SOURCES
db:NVDid:CVE-2023-40357

LAST UPDATE DATE
2023-09-12T01:56:05.160000+00:00

SOURCES UPDATE DATE
db:NVDid:CVE-2023-40357date:2023-09-11T13:42:00

SOURCES RELEASE DATE
db:NVDid:CVE-2023-40357date:2023-09-06T10:15:00