CVE-2023-1389
In short
TP-Link Archer AX21 routers allow attackers to run commands as root through an unsanitized input field in the web interface, without needing a password. This lets attackers take complete control of the device.
Technical detail
A command injection vulnerability exists in the country parameter of the /cgi-bin/luci;stok=/locale endpoint due to insufficient input sanitization before use in popen(). An unauthenticated attacker can inject arbitrary commands via a POST request, which execute with root privileges.
Summary generated and translated by AI from the official description.
TP-Link Archer AX21 (AX1800) firmware versions before 1.1.4 Build 20230219 contained a command injection vulnerability in the country form of the /cgi-bin/luci;stok=/locale endpoint on the web management interface. Specifically, the country parameter of the write operation was not sanitized before being used in a call to popen(), allowing an unauthenticated attacker to inject commands, which would be run as root, with a simple POST request.
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
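An added example, not TP-Link's firmware code and not part of the original page: the fix pattern for the flaw described above, sketched in C. It assumes the country value is a two-letter uppercase code and uses /bin/echo as a stand-in for a hypothetical helper program; the names country_is_valid and apply_country are illustrative.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Assumption: a valid value is a two-letter uppercase code (ISO 3166-1
 * alpha-2 style). The page does not give the real format. */
int country_is_valid(const char *s)
{
    if (s == NULL || strlen(s) != 2)
        return 0;
    /* Explicit ASCII ranges: isupper() depends on the locale. */
    return s[0] >= 'A' && s[0] <= 'Z' && s[1] >= 'A' && s[1] <= 'Z';
}

/* Weak pattern, shown only as a comment: building "helper <country>" with
 * snprintf() and passing it to popen() lets /bin/sh parse request data. */

/* Hardened form: allowlist check first, then fork/execv with an argv array,
 * so no shell ever sees the value. Returns the helper's exit status (127 if
 * it could not be executed), or -1 if the value is rejected or fork/wait fails. */
int apply_country(const char *tool, const char *country)
{
    if (!country_is_valid(country))
        return -1;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        char *const argv[] = { (char *)tool, (char *)country, NULL };
        execv(tool, argv);
        _exit(127); /* only reached if execv failed */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    /* Constructed sample values; /bin/echo stands in for the helper. */
    const char *samples[] = { "US", "DE", "usa", "U S", "" };
    for (size_t i = 0; i < sizeof samples / sizeof *samples; i++)
        printf("[%s] -> %d\n", samples[i], apply_country("/bin/echo", samples[i]));
    return 0;
}
```

Either measure alone closes this class of bug; applying both means a later change to the validation rule cannot reintroduce shell parsing of request data.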
Affected products
n/a · TP-Link Archer AX21 (AX1800)
Public PoCs found — 4
github · github.com/Voyag3r-Security/CVE-2023-1389 · ★ 17
github · github.com/werwolfz/CVE-2023-1389 · ★ 1
cve_reference · packetstormsecurity.com/files/174131/TP-Link-Archer-AX21-Command-Injection.html · unverified
exploitdb · www.exploit-db.com/exploits/51677 · unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.