Vulnerability Description
Multiple TP-LINK products allow a network-adjacent unauthenticated attacker to execute arbitrary OS commands. Affected products/versions are as follows: TL-WR802N firmware versions prior to 'TL-WR802N(JP)_V4_221008', TL-WR841N firmware versions prior to 'TL-WR841N(JP)_V14_230506', and TL-WR902AC firmware versions prior to 'TL-WR902AC(JP)_V3_230506'.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Tp-Link | Tl-Wr902Ac Firmware | < 230506 |
| Tp-Link | Tl-Wr902Ac | - |
| Tp-Link | Tl-Wr802N Firmware | < 221008 |
| Tp-Link | Tl-Wr802N | - |
| Tp-Link | Tl-Wr841N Firmware | < 230506 |
| Tp-Link | Tl-Wr841N | - |
Related Weaknesses (CWE)
References
- https://jvn.jp/en/vu/JVNVU99392903/Third Party Advisory
- https://www.tp-link.com/jp/support/download/tl-wr802n/#FirmwareProduct
- https://www.tp-link.com/jp/support/download/tl-wr841n/v14/#FirmwareProduct
- https://www.tp-link.com/jp/support/download/tl-wr902ac/#FirmwareProduct
- https://jvn.jp/en/vu/JVNVU99392903/Third Party Advisory
- https://www.tp-link.com/jp/support/download/tl-wr802n/#FirmwareProduct
- https://www.tp-link.com/jp/support/download/tl-wr841n/v14/#FirmwareProduct
- https://www.tp-link.com/jp/support/download/tl-wr902ac/#FirmwareProduct
FAQ
What is CVE-2023-36489?
CVE-2023-36489 is a vulnerability with a CVSS score of 8.8 (HIGH). Multiple TP-LINK products allow a network-adjacent unauthenticated attacker to execute arbitrary OS commands. Affected products/versions are as follows: TL-WR802N firmware versions prior to 'TL-WR802N...
How severe is CVE-2023-36489?
CVE-2023-36489 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-36489?
Check the references section above for vendor advisories and patch information. Affected products include: Tp-Link Tl-Wr902Ac Firmware, Tp-Link Tl-Wr902Ac, Tp-Link Tl-Wr802N Firmware, Tp-Link Tl-Wr802N, Tp-Link Tl-Wr841N Firmware.