CVE-2023-39224

moderate-risk

Published 2023-09-06

Archer C5 firmware all versions and Archer C7 firmware versions prior to 'Archer C7(JP)_V2_230602' allow a network-adjacent authenticated attacker to execute arbitrary OS commands. Note that Archer C5 is no longer supported, therefore the update for this product is not provided.

Do I need to act?

0.08% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 8.0/10 High

ADJACENT_NETWORK / LOW complexity

Affected Products (1)

Archer C7 Firmware

Affected Vendors

Tp-Link

References (4)

Third Party Advisory https://jvn.jp/en/vu/JVNVU99392903/

Product https://www.tp-link.com/jp/support/download/archer-c7/v2/#Firmware

Third Party Advisory https://jvn.jp/en/vu/JVNVU99392903/

Product https://www.tp-link.com/jp/support/download/archer-c7/v2/#Firmware

/ 100

moderate-risk

Severity 25/34 · High

Exploitability 0/34 · Minimal

Exposure 5/34 · Minimal