CVE-2023-36489

Published: Sep 6, 2023

Modified: Sep 26, 2024

PUBLISHED

Description

Multiple TP-LINK products allow a network-adjacent unauthenticated attacker to execute arbitrary OS commands. Affected products/versions are as follows: TL-WR802N firmware versions prior to 'TL-WR802N(JP)_V4_221008', TL-WR841N firmware versions prior to 'TL-WR841N(JP)_V14_230506', and TL-WR902AC firmware versions prior to 'TL-WR902AC(JP)_V3_230506'.

Vendor	Product	Versions
TP-LINK	TL-WR802N	affected `firmware versions prior to 'TL-WR802N(JP)_V4_221008'`
TP-LINK	TL-WR841N	affected `firmware versions prior to 'TL-WR841N(JP)_V14_230506'`
TP-LINK	TL-WR902AC	affected `firmware versions prior to 'TL-WR902AC(JP)_V3_230506'`

References

https://www.tp-link.com/jp/support/download/tl-wr802n/#Firmware

https://www.tp-link.com/jp/support/download/tl-wr841n/v14/#Firmware

https://www.tp-link.com/jp/support/download/tl-wr902ac/#Firmware

https://jvn.jp/en/vu/JVNVU99392903/

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2023-36489

Description

Affected Products

References