What is the severity of CVE-2023-6437?

The CVE-2023-6437 vulnerability is considered to have a critical severity due to its potential for OS command injection.

How do I fix CVE-2023-6437?

To mitigate CVE-2023-6437, users should update their affected TP-Link devices to the latest firmware version available.

What type of vulnerability is CVE-2023-6437?

CVE-2023-6437 is an OS command injection vulnerability caused by improper neutralization of special elements.

Who can exploit CVE-2023-6437?

CVE-2023-6437 can be exploited by authenticated users with access to the affected TP-Link devices.

Vulnerability/
CVE-2023-6437

critical

9.8

CWE

78 77

28/3/2024

2/8/2024

CVE-2023-6437: Authenticated RCE

Q: Which TP-Link products are affected by CVE-2023-6437?

CVE-2023-6437 affects TP-Link EX20v AX1800, TP-Link Archer C5v AC1200, TP-Link TD-W9970, TP-Link TD-W9970v3, TP-Link VX220-G2u, and TP-Link VN020-G2u.

First published: Thu Mar 28 2024(Updated: )

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in TP-Link TP-Link EX20v AX1800, Tp-Link Archer C5v AC1200, Tp-Link TD-W9970, Tp-Link TD-W9970v3, TP-Link VX220-G2u, TP-Link VN020-G2u allows authenticated OS Command Injection.This issue affects TP-Link EX20v AX1800, Tp-Link Archer C5v AC1200, Tp-Link TD-W9970, Tp-Link TD-W9970v3 : through 20240328. Also the vulnerability continues in the TP-Link VX220-G2u and TP-Link VN020-G2u models due to the products not being produced and supported.

Credit: iletisim@usom.gov.tr

Affected Software	Affected Version	How to fix
TP-Link EX20v AX1800	<=20240328
TP-Link Archer C5 Firmware	<=20240328
TP-Link TD-W9970	<=20240328
TP-Link TD-W9970	<=20240328
TP-Link VX220-G2u
TP-Link VN020-G2u

Never miss a vulnerability like this again

Reference Links

https://www.usom.gov.tr/bildirim/tr-24-0244

Frequently Asked Questions

What is the severity of CVE-2023-6437?
The CVE-2023-6437 vulnerability is considered to have a critical severity due to its potential for OS command injection.
How do I fix CVE-2023-6437?
To mitigate CVE-2023-6437, users should update their affected TP-Link devices to the latest firmware version available.
Which TP-Link products are affected by CVE-2023-6437?
CVE-2023-6437 affects TP-Link EX20v AX1800, TP-Link Archer C5v AC1200, TP-Link TD-W9970, TP-Link TD-W9970v3, TP-Link VX220-G2u, and TP-Link VN020-G2u.
What type of vulnerability is CVE-2023-6437?
CVE-2023-6437 is an OS command injection vulnerability caused by improper neutralization of special elements.
Who can exploit CVE-2023-6437?
CVE-2023-6437 can be exploited by authenticated users with access to the affected TP-Link devices.

agent/weakness
agent/references
agent/title
agent/type
agent/first-publish-date
agent/description
collector/nvd-api
source/NVD
agent/author
agent/severity
agent/event
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/source
agent/tags
agent/guess-ai
agent/software-canonical-lookup
agent/software-canonical-lookup-request
agent/softwarecombine
vendor/tp-link
canonical/tp-link ex20v ax1800
canonical/tp-link archer c5 firmware
canonical/tp-link td-w9970
canonical/tp-link vx220-g2u
canonical/tp-link vn020-g2u

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.