CVE-2023-37284
First published: Wed Sep 06 2023(Updated: )
Improper authentication vulnerability in Archer C20 firmware versions prior to 'Archer C20(JP)_V1_230616' allows a network-adjacent unauthenticated attacker to execute an arbitrary OS command via a crafted request to bypass authentication.
Credit: vultures@jpcert.or.jp vultures@jpcert.or.jp
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Tp-link Archer C20 Firmware | <230616 | |
| TP-LINK Archer C20 | =1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID of this issue?
This vulnerability is identified by the ID CVE-2023-37284.
What is the severity rating of CVE-2023-37284?
The severity rating of CVE-2023-37284 is high, with a score of 8.8.
What is the description of CVE-2023-37284?
CVE-2023-37284 is an improper authentication vulnerability in Archer C20 firmware versions prior to 'Archer C20(JP)_V1_230616' that allows an unauthenticated attacker to execute arbitrary OS commands.
How can an attacker exploit CVE-2023-37284?
An attacker can exploit CVE-2023-37284 by sending a crafted request to the vulnerable device and bypassing authentication to execute OS commands.
Is there a fix available for CVE-2023-37284?
Yes, TP-Link has released firmware version 'Archer C20(JP)_V1_230616' that addresses CVE-2023-37284. It is recommended to update to this version to fix the vulnerability.
- collector/nvd-api
- collector/nvd-index
- agent/weakness
- agent/severity
- agent/references
- agent/author
- agent/type
- agent/event
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/tp-link
- canonical/tp-link archer c20 firmware
- canonical/tp-link archer c20
- version/tp-link archer c20/1