cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-38471,https://securityvulnerability.io/vulnerability/CVE-2024-38471,TP-LINK Products Vulnerable to Arbitrary OS Command Execution via Backup File Restoration,A vulnerability exists in multiple TP-LINK networking devices that permits a network-adjacent attacker with administrative access to execute arbitrary operating system commands. This can be accomplished by restoring a specially crafted backup file on the affected device. The devices typically allow login only from local area network (LAN) ports or Wi-Fi. It is essential for users of the affected TP-LINK products to apply available security updates and follow best practices for network security to mitigate this risk.,Tp-link,"Archer Ax3000,Archer Axe75,Archer Ax5400,Archer Air R5,Archer Axe5400",,,0.0004400000034365803,false,false,false,false,,false,false,2024-07-04T00:49:13.216Z,0
CVE-2024-21821,https://securityvulnerability.io/vulnerability/CVE-2024-21821,Command Injection Vulnerability in TP-LINK Networking Products,"Several TP-LINK products are susceptible to a vulnerability that allows authenticated attackers on the same local network to execute arbitrary operating system commands. This flaw can be exploited through access via either the LAN port or Wi-Fi, potentially compromising the security and integrity of the affected networking devices. It is crucial for users to be aware of this issue and take appropriate measures to secure their devices against unauthorized access.",TP-Link,"Archer AX3000,Archer AX5400,Archer AXE75",8,HIGH,0.0005799999926239252,false,false,false,false,,false,false,2024-01-11T00:15:00.000Z,0
CVE-2024-21833,https://securityvulnerability.io/vulnerability/CVE-2024-21833,Command Injection Vulnerability in TP-LINK Networking Devices,"A critical vulnerability, identified as CVE-2024-21833, has been discovered in multiple TP-LINK products, allowing attackers to execute arbitrary OS commands without authentication. This flaw affects various router models, potentially enabling malicious actors to disrupt services, steal sensitive information, or enlist devices into botnets. There is evidence of active exploitation of this vulnerability, with discussions of potential sharing of exploit tools in underground forums. It is crucial for users to update their firmware to address the security concerns and consider implementing network segmentation and firewall rules to restrict access to vulnerable devices.",TP-Link,"Archer AX3000,Archer AX5400,Archer AXE75,Deco X50,Deco XE200",8.8,HIGH,0.0013500000350177288,false,true,true,true,,true,false,2024-01-11T00:15:00.000Z,3915
CVE-2024-21773,https://securityvulnerability.io/vulnerability/CVE-2024-21773,Remote Command Execution Vulnerability in TP-LINK Products,"Multiple TP-LINK products exhibit a vulnerability that enables unauthenticated network-adjacent attackers to execute arbitrary OS commands. This vulnerability can be exploited when attackers gain access to the product through its LAN port or Wi-Fi interface, potentially compromising targeted devices and bypassing parental control restrictions. The affected models include the Archer AX3000, Archer AX5400, Deco X50 (version 1), and Deco XE200. It is crucial for users to enhance their network security measures and keep firmware updated to mitigate these risks.",TP-Link,"Archer AX3000,Archer AX5400,Deco X50,Deco XE200",8.8,HIGH,0.0013500000350177288,false,false,false,false,,false,false,2024-01-11T00:15:00.000Z,0