Vulnerability Description
TP-Link TL-WR841N ated_tp Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link TL-WR841N routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ated_tp service. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21825.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Tp-Link | Tl-Wr841N Firmware | < 231119 |
| Tp-Link | Tl-Wr841N | v14 |
| Tp-Link | Tl-Wr840N Firmware | < 231121 |
| Tp-Link | Tl-Wr840N | 6.20 |
Related Weaknesses (CWE)
References
- https://www.zerodayinitiative.com/advisories/ZDI-23-1624/Third Party Advisory
- https://www.zerodayinitiative.com/advisories/ZDI-23-1624/Third Party Advisory
FAQ
What is CVE-2023-39471?
CVE-2023-39471 is a vulnerability with a CVSS score of 8.8 (HIGH). TP-Link TL-WR841N ated_tp Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link TL-...
How severe is CVE-2023-39471?
CVE-2023-39471 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-39471?
Check the references section above for vendor advisories and patch information. Affected products include: Tp-Link Tl-Wr841N Firmware, Tp-Link Tl-Wr841N, Tp-Link Tl-Wr840N Firmware, Tp-Link Tl-Wr840N.