First published: Fri May 19 2023
A command injection vulnerability exists in the administrative web portal of TP-Link Archer VR1600V devices running firmware versions <= 0.1.0. 0.9.1 v5006.0 Build 220518 Rel.32480n. It allows remote attackers who are authenticated to the administrative web portal as an administrator user to open an operating-system-level shell via the 'X_TP_IfName' parameter.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
TP-Link Archer VR1600V Firmware | <=0.1.0_0.9.1_v5006.0_build_200810_rel.53181n | |
TP-Link Archer VR1600V | | |
The vulnerability ID is CVE-2023-31756.
The severity of CVE-2023-31756 is medium with a CVSS score of 6.7.
The command injection vulnerability in TP-Link Archer VR1600V allows remote attackers with admin access to the web portal to execute arbitrary commands.
Yes, TP-Link Archer VR1600V firmware version 0.1.0_0.9.1_v5006.0_build_200810_rel.53181n is affected by CVE-2023-31756.
To mitigate the TP-Link Archer VR1600V command injection vulnerability, update the firmware to a version higher than 0.1.0_0.9.1_v5006.0_build_200810_rel.53181n.