ByteOS Network

Vulnerability Details :

CVE-2024-21773

Assigner-jpcert

Assigner Org ID-ede6fdc4-6654-4307-a26d-3331c018e2ce

Published At-10 Jan, 2024 | 23:24

Updated At-03 Jun, 2025 | 14:26

Multiple TP-LINK products allow a network-adjacent unauthenticated attacker with access to the product from the LAN port or Wi-Fi to execute arbitrary OS commands on the product that has pre-specified target devices and blocked URLs in parental control settings.

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

▼Common Vulnerabilities and Exposures (CVE)

cve.org

Assigner:jpcert

Assigner Org ID:ede6fdc4-6654-4307-a26d-3331c018e2ce

Published At:10 Jan, 2024 | 23:24

Updated At:03 Jun, 2025 | 14:26

▼CVE Numbering Authority (CNA)

Affected Products

Vendor

TP-Link Systems Inc.

Product

Archer AX3000

Versions

Affected

firmware versions prior to "Archer AX3000(JP)_V1_1.1.2 Build 20231115"

Vendor

TP-Link Systems Inc.

Product

Archer AX5400

Versions

Affected

firmware versions prior to "Archer AX5400(JP)_V1_1.1.2 Build 20231115"

Vendor

TP-Link Systems Inc.

Product

Deco X50

Versions

Affected

firmware versions prior to "Deco X50(JP)_V1_1.4.1 Build 20231122"

Vendor

TP-Link Systems Inc.

Product

Deco XE200

Versions

Affected

firmware versions prior to "Deco XE200(JP)_V1_1.2.5 Build 20231120"

Vendor

TP-Link Systems Inc.

Product

Archer Air R5

Versions

Affected

firmware versions prior to "Archer Air R5(JP)_V1_1.1.6 Build 20240508"

Problem Types

Type	CWE ID	Description
text	N/A	Information disclosure

Type: text

CWE ID: N/A

Description: Information disclosure

References

Hyperlink	Resource
https://www.tp-link.com/jp/support/download/archer-ax3000/#Firmware	N/A
https://www.tp-link.com/jp/support/download/archer-ax5400/#Firmware	N/A
https://www.tp-link.com/jp/support/download/deco-x50/v1/#Firmware	N/A
https://www.tp-link.com/jp/support/download/deco-xe200/#Firmware	N/A
https://www.tp-link.com/jp/support/download/archer-air-r5/v1/#Firmware	N/A
https://jvn.jp/en/vu/JVNVU91401812/	N/A

Hyperlink: https://www.tp-link.com/jp/support/download/archer-ax3000/#Firmware

Resource: N/A

Hyperlink: https://www.tp-link.com/jp/support/download/archer-ax5400/#Firmware

Resource: N/A

Hyperlink: https://www.tp-link.com/jp/support/download/deco-x50/v1/#Firmware

Resource: N/A

Hyperlink: https://www.tp-link.com/jp/support/download/deco-xe200/#Firmware

Resource: N/A

Hyperlink: https://www.tp-link.com/jp/support/download/archer-air-r5/v1/#Firmware

Resource: N/A

Hyperlink: https://jvn.jp/en/vu/JVNVU91401812/

Resource: N/A

▼Authorized Data Publishers (ADP)

1. CVE Program Container

References

Hyperlink	Resource
https://www.tp-link.com/jp/support/download/archer-ax3000/#Firmware	x_transferred
https://www.tp-link.com/jp/support/download/archer-ax5400/#Firmware	x_transferred
https://www.tp-link.com/jp/support/download/deco-x50/v1/#Firmware	x_transferred
https://www.tp-link.com/jp/support/download/deco-xe200/#Firmware	x_transferred
https://www.tp-link.com/jp/support/download/archer-air-r5/v1/#Firmware	x_transferred
https://jvn.jp/en/vu/JVNVU91401812/	x_transferred

Hyperlink: https://www.tp-link.com/jp/support/download/archer-ax3000/#Firmware

Resource:

x_transferred

Hyperlink: https://www.tp-link.com/jp/support/download/archer-ax5400/#Firmware

Resource:

x_transferred

Hyperlink: https://www.tp-link.com/jp/support/download/deco-x50/v1/#Firmware

Resource:

x_transferred

Hyperlink: https://www.tp-link.com/jp/support/download/deco-xe200/#Firmware

Resource:

x_transferred

Hyperlink: https://www.tp-link.com/jp/support/download/archer-air-r5/v1/#Firmware

Resource:

x_transferred

Hyperlink: https://jvn.jp/en/vu/JVNVU91401812/

Resource:

x_transferred

2. CISA ADP Vulnrichment

Problem Types

Type	CWE ID	Description
CWE	CWE-78	CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Type: CWE

CWE ID: CWE-78

Description: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Metrics

Version	Base score	Base severity	Vector
3.1	8.8	HIGH	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Version: 3.1

Base score: 8.8

Base severity: HIGH

Vector:

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Metrics Other Info

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:vultures@jpcert.or.jp

Published At:11 Jan, 2024 | 00:15

Updated At:03 Jun, 2025 | 15:15

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	8.8	HIGH	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Secondary	3.1	8.8	HIGH	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Type: Primary

Version: 3.1

Base score: 8.8

Base severity: HIGH

Vector:

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Type: Secondary

Version: 3.1

Base score: 8.8

Base severity: HIGH

Vector:

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CPE Matches

TP-Link Systems Inc.

>>archer_ax3000_firmware>>Versions before 1.1.2(exclusive)

cpe:2.3:o:tp-link:archer_ax3000_firmware:*:*:*:*:*:*:*:*

TP-Link Systems Inc.

>>archer_ax3000>>1.0

cpe:2.3:h:tp-link:archer_ax3000:1.0:*:*:*:*:*:*:*

TP-Link Systems Inc.

>>archer_ax5400_firmware>>Versions before 1.1.2(exclusive)

cpe:2.3:o:tp-link:archer_ax5400_firmware:*:*:*:*:*:*:*:*

TP-Link Systems Inc.

>>archer_ax5400>>1.0

cpe:2.3:h:tp-link:archer_ax5400:1.0:*:*:*:*:*:*:*

TP-Link Systems Inc.

>>deco_x50_firmware>>Versions before 1.4.1(exclusive)

cpe:2.3:o:tp-link:deco_x50_firmware:*:*:*:*:*:*:*:*

TP-Link Systems Inc.

>>deco_x50>>1.0

cpe:2.3:h:tp-link:deco_x50:1.0:*:*:*:*:*:*:*

TP-Link Systems Inc.

>>deco_xe200_firmware>>Versions before 1.2.5(exclusive)

cpe:2.3:o:tp-link:deco_xe200_firmware:*:*:*:*:*:*:*:*

TP-Link Systems Inc.

>>deco_xe200>>1.0

cpe:2.3:h:tp-link:deco_xe200:1.0:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-78	Primary	nvd@nist.gov
CWE-78	Secondary	134c704f-9b21-4f2e-91b3-4a467353bcc0

CWE ID: CWE-78

Type: Primary

Source: nvd@nist.gov

CWE ID: CWE-78

Type: Secondary

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

References

Hyperlink	Source	Resource
https://jvn.jp/en/vu/JVNVU91401812/	vultures@jpcert.or.jp	Third Party Advisory
https://www.tp-link.com/jp/support/download/archer-air-r5/v1/#Firmware	vultures@jpcert.or.jp	N/A
https://www.tp-link.com/jp/support/download/archer-ax3000/#Firmware	vultures@jpcert.or.jp	Product
https://www.tp-link.com/jp/support/download/archer-ax5400/#Firmware	vultures@jpcert.or.jp	Product
https://www.tp-link.com/jp/support/download/deco-x50/v1/#Firmware	vultures@jpcert.or.jp	Product
https://www.tp-link.com/jp/support/download/deco-xe200/#Firmware	vultures@jpcert.or.jp	Product
https://jvn.jp/en/vu/JVNVU91401812/	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory
https://www.tp-link.com/jp/support/download/archer-air-r5/v1/#Firmware	af854a3a-2127-422b-91ae-364da2661108	N/A
https://www.tp-link.com/jp/support/download/archer-ax3000/#Firmware	af854a3a-2127-422b-91ae-364da2661108	Product
https://www.tp-link.com/jp/support/download/archer-ax5400/#Firmware	af854a3a-2127-422b-91ae-364da2661108	Product
https://www.tp-link.com/jp/support/download/deco-x50/v1/#Firmware	af854a3a-2127-422b-91ae-364da2661108	Product
https://www.tp-link.com/jp/support/download/deco-xe200/#Firmware	af854a3a-2127-422b-91ae-364da2661108	Product

Hyperlink: https://jvn.jp/en/vu/JVNVU91401812/

Source: vultures@jpcert.or.jp

Resource:

Third Party Advisory

Hyperlink: https://www.tp-link.com/jp/support/download/archer-air-r5/v1/#Firmware

Source: vultures@jpcert.or.jp

Resource: N/A

Hyperlink: https://www.tp-link.com/jp/support/download/archer-ax3000/#Firmware

Source: vultures@jpcert.or.jp

Resource:

Product

Hyperlink: https://www.tp-link.com/jp/support/download/archer-ax5400/#Firmware

Source: vultures@jpcert.or.jp

Resource:

Product

Hyperlink: https://www.tp-link.com/jp/support/download/deco-x50/v1/#Firmware

Source: vultures@jpcert.or.jp

Resource:

Product

Hyperlink: https://www.tp-link.com/jp/support/download/deco-xe200/#Firmware

Source: vultures@jpcert.or.jp

Resource:

Product

Hyperlink: https://jvn.jp/en/vu/JVNVU91401812/