CVE-2023-40357: OS Command Injection
First published: Wed Sep 06 2023(Updated: )
Multiple TP-LINK products allow a network-adjacent authenticated attacker to execute arbitrary OS commands. Affected products/versions are as follows: Archer AX50 firmware versions prior to 'Archer AX50(JP)_V1_230529', Archer A10 firmware versions prior to 'Archer A10(JP)_V2_230504', Archer AX10 firmware versions prior to 'Archer AX10(JP)_V1.2_230508', and Archer AX11000 firmware versions prior to 'Archer AX11000(JP)_V1_230523'.
Credit: vultures@jpcert.or.jp vultures@jpcert.or.jp
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Tp-link Archer Ax50 Firmware | <230529 | |
| Tp-link Archer Ax50 | =1.0 | |
| Tp-link Archer A10 Firmware | <=230504 | |
| Tp-link Archer A10 | ||
| Tp-link Archer Ax10 Firmware | <230508 | |
| TP-Link Archer AX10 | ||
| Tp-link Archer Ax11000 Firmware | <230523 | |
| Tp-link Archer Ax11000 | ||
| All of | ||
| Tp-link Archer Ax50 | =1.0 | |
| Tp-link Archer Ax50 Firmware | <230529 | |
| All of | ||
| Tp-link Archer A10 | ||
| Tp-link Archer A10 Firmware | <=230504 | |
| All of | ||
| TP-Link Archer AX10 | ||
| Tp-link Archer Ax10 Firmware | <230508 | |
| All of | ||
| Tp-link Archer Ax11000 | ||
| Tp-link Archer Ax11000 Firmware | <230523 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2023-40357?
The severity of CVE-2023-40357 is high with a severity value of 8.
Which TP-LINK products are affected by CVE-2023-40357?
The TP-LINK products affected by CVE-2023-40357 are Archer AX50 firmware versions prior to 'Archer AX50(JP)_V1_230529', Archer A10 firmware versions prior to 'Archer A10(JP)_V2_230504', and Archer AX10 firmware versions prior to 'Archer AX10(JP)_V1_230508'.
How can an attacker exploit CVE-2023-40357?
An attacker can exploit CVE-2023-40357 by being network-adjacent and authenticated, allowing them to execute arbitrary OS commands.
Where can I find more information about CVE-2023-40357?
You can find more information about CVE-2023-40357 at the following references: [1] https://jvn.jp/en/vu/JVNVU99392903/ [2] https://www.tp-link.com/jp/support/download/archer-a10/#Firmware [3] https://www.tp-link.com/jp/support/download/archer-ax10/#Firmware
How do I fix CVE-2023-40357?
To fix CVE-2023-40357, update your TP-LINK product to the latest firmware versions listed in the references: Archer AX50 firmware 'Archer AX50(JP)_V1_230529', Archer A10 firmware 'Archer A10(JP)_V2_230504', and Archer AX10 firmware 'Archer AX10(JP)_V1_230508'.
- collector/nvd-index
- agent/author
- agent/type
- agent/softwarecombine
- agent/weakness
- agent/severity
- agent/references
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- vendor/tp-link
- canonical/tp-link archer ax50 firmware
- canonical/tp-link archer ax50
- version/tp-link archer ax50/1.0
- canonical/tp-link archer a10 firmware
- version/tp-link archer a10 firmware/230504
- canonical/tp-link archer a10
- canonical/tp-link archer ax10 firmware
- canonical/tp-link archer ax10
- canonical/tp-link archer ax11000 firmware
- canonical/tp-link archer ax11000