CVE-2024-21821

Published: Jan 10, 2024

Modified: Jun 17, 2025

PUBLISHED

Description

Multiple TP-LINK products allow a network-adjacent authenticated attacker with access to the product from the LAN port or Wi-Fi to execute arbitrary OS commands.

Vendor	Product	Versions
TP-Link	Archer AX3000	affected `firmware versions prior to "Archer AX3000(JP)_V1_1.1.2 Build 20231115"`
TP-Link	Archer AX5400	affected `firmware versions prior to "Archer AX5400(JP)_V1_1.1.2 Build 20231115"`
TP-Link	Archer AXE75	affected `firmware versions prior to "Archer AXE75(JP)_V1_231115"`
TP-Link	Archer Air R5	affected `firmware versions prior to "Archer Air R5(JP)_V1_1.1.6 Build 20240508"`

References

https://www.tp-link.com/jp/support/download/archer-ax3000/#Firmware

https://www.tp-link.com/jp/support/download/archer-ax5400/#Firmware

https://www.tp-link.com/jp/support/download/archer-axe75/#Firmware

https://www.tp-link.com/jp/support/download/archer-air-r5/v1/#Firmware

https://jvn.jp/en/vu/JVNVU91401812/

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2024-21821

Description

Affected Products

References