CVE-2023-39224: OS Command Injection
First published: Wed Sep 06 2023(Updated: )
Archer C5 firmware all versions and Archer C7 firmware versions prior to 'Archer C7(JP)_V2_230602' allow a network-adjacent authenticated attacker to execute arbitrary OS commands. Note that Archer C5 is no longer supported, therefore the update for this product is not provided.
Credit: vultures@jpcert.or.jp vultures@jpcert.or.jp
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Tp-link Archer C7 Firmware | <230602 | |
| TP-Link Archer C7 | =2.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2023-39224?
CVE-2023-39224 is a vulnerability in Archer C5 firmware all versions and Archer C7 firmware versions prior to Archer C7(JP)_V2_230602 that allows a network-adjacent authenticated attacker to execute arbitrary OS commands.
Which devices are affected by CVE-2023-39224?
Archer C5 firmware all versions and Archer C7 firmware versions prior to Archer C7(JP)_V2_230602 are affected by CVE-2023-39224.
How severe is CVE-2023-39224?
CVE-2023-39224 has a severity level of high.
How can an attacker exploit CVE-2023-39224?
An attacker can exploit CVE-2023-39224 by executing arbitrary OS commands.
Is there a firmware update available to fix CVE-2023-39224?
No, there is no firmware update available to fix CVE-2023-39224 as Archer C5 is no longer supported.
- collector/nvd-api
- collector/nvd-index
- agent/weakness
- agent/references
- agent/severity
- agent/author
- agent/type
- agent/event
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/tp-link
- canonical/tp-link archer c7 firmware
- canonical/tp-link archer c7
- version/tp-link archer c7/2.0