Back to search
CVE-2024-21773
Published: Jan 10, 2024
Modified: Jun 3, 2025
PUBLISHED
Description
Multiple TP-LINK products allow a network-adjacent unauthenticated attacker with access to the product from the LAN port or Wi-Fi to execute arbitrary OS commands on the product that has pre-specified target devices and blocked URLs in parental control settings.
| Vendor | Product | Versions |
|---|---|---|
TP-Link | Archer AX3000 | affected firmware versions prior to "Archer AX3000(JP)_V1_1.1.2 Build 20231115" |
TP-Link | Archer AX5400 | affected firmware versions prior to "Archer AX5400(JP)_V1_1.1.2 Build 20231115" |
TP-Link | Deco X50 | affected firmware versions prior to "Deco X50(JP)_V1_1.4.1 Build 20231122" |
TP-Link | Deco XE200 | affected firmware versions prior to "Deco XE200(JP)_V1_1.2.5 Build 20231120" |
TP-Link | Archer Air R5 | affected firmware versions prior to "Archer Air R5(JP)_V1_1.1.6 Build 20240508" |
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now