Vulnerability Description
Multiple TP-LINK products allow a network-adjacent attacker with an administrative privilege to execute arbitrary OS commands by restoring a crafted backup file. The affected device, with the initial configuration, allows login only from the LAN port or Wi-Fi.
CVSS Score
MEDIUM
Related Weaknesses (CWE)
References
- https://jvn.jp/en/vu/JVNVU99784493/
- https://www.tp-link.com/jp/support/download/
- https://www.tp-link.com/jp/support/download/archer-air-r5/v1/#Firmware
- https://www.tp-link.com/jp/support/download/archer-ax3000/#Firmware
- https://www.tp-link.com/jp/support/download/archer-ax5400/#Firmware
- https://www.tp-link.com/jp/support/download/archer-axe5400/#Firmware
- https://www.tp-link.com/jp/support/download/archer-axe75/#Firmware
FAQ
What is CVE-2024-38471?
CVE-2024-38471 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Multiple TP-LINK products allow a network-adjacent attacker with an administrative privilege to execute arbitrary OS commands by restoring a crafted backup file. The affected device, with the initial ...
How severe is CVE-2024-38471?
CVE-2024-38471 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2024-38471?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.