Back to search
CVE-2024-38471
Published: Jul 4, 2024
Modified: Mar 13, 2025
PUBLISHED
Description
Multiple TP-LINK products allow a network-adjacent attacker with an administrative privilege to execute arbitrary OS commands by restoring a crafted backup file. The affected device, with the initial configuration, allows login only from the LAN port or Wi-Fi.
| Vendor | Product | Versions |
|---|---|---|
TP-LINK | Archer AX3000 | affected firmware versions prior to "Archer AX3000(JP)_V1_1.1.3 Build 20240415" |
TP-LINK | Archer AXE75 | affected firmware versions prior to "Archer AXE75(JP)_V1_1.2.0 Build 20240320" |
TP-LINK | Archer AX5400 | affected firmware versions prior to "Archer AX5400(JP)_V1_1.1.4 Build 20240429" |
TP-LINK | Archer Air R5 | affected firmware versions prior to "Archer Air R5(JP)_V1_1.1.6 Build 20240508" |
TP-LINK | Archer AXE5400 | affected firmware versions prior to "Archer AXE5400(JP)_V1_1.0.3 Build 20240319" |
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now