Back to search
CVE-2024-21833
Published: Jan 10, 2024
Modified: Jun 16, 2025
PUBLISHED
Description
Multiple TP-LINK products allow a network-adjacent unauthenticated attacker with access to the product to execute arbitrary OS commands. The affected device, with the initial configuration, allows login only from the LAN port or Wi-Fi.
| Vendor | Product | Versions |
|---|---|---|
TP-Link | Archer AX3000 | affected firmware versions prior to "Archer AX3000(JP)_V1_1.1.2 Build 20231115" |
TP-Link | Archer AX5400 | affected firmware versions prior to "Archer AX5400(JP)_V1_1.1.2 Build 20231115" |
TP-Link | Archer AXE75 | affected firmware versions prior to "Archer AXE75(JP)_V1_231115" |
TP-Link | Deco X50 | affected firmware versions prior to "Deco X50(JP)_V1_1.4.1 Build 20231122" |
TP-Link | Deco XE200 | affected firmware versions prior to "Deco XE200(JP)_V1_1.2.5 Build 20231120" |
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now