CVE-2023-1389 - OpenCVE

TP-Link Archer AX21 (AX1800) firmware versions before 1.1.4 Build 20230219 contained a command injection vulnerability in the country form of the /cgi-bin/luci;stok=/locale endpoint on the web management interface. Specifically, the country parameter of the write operation was not sanitized before being used in a call to popen(), allowing an unauthenticated attacker to inject commands, which would be run as root, with a simple POST request.

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Tp-link	Archer Ax21 Archer Ax21 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:tp-link:archer_ax21_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:tp-link:archer_ax21:-:*:*:*:*:*:*:*

References

Link	Resource
http://packetstormsecurity.com/files/174131/TP-Link-Archer-AX21-Command-Injection.html	Exploit Third Party Advisory VDB Entry
https://www.tenable.com/security/research/tra-2023-11	Exploit Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: tenable

Published: 2023-03-15T00:00:00

Updated: 2023-08-11T00:00:00

Reserved: 2023-03-14T00:00:00

Link: CVE-2023-1389

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-03-15T23:15:09.403

Modified: 2024-06-27T19:30:19.467

Link: CVE-2023-1389

JSON object: View

Redhat Information

No data.

CWE

CWE-77

{"cisaActionDue": "2023-05-22", "cisaExploitAdd": "2023-05-01", "cisaRequiredAction": "Apply updates per vendor instructions.", "cisaVulnerabilityName": "TP-Link Archer AX-21 Command Injection Vulnerability", "configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:tp-link:archer_ax21_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "E2DBA0CE-1871-4B4E-BCBD-3693E61DF23E", "versionEndExcluding": "1.1.4", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:tp-link:archer_ax21:-:*:*:*:*:*:*:*", "matchCriteriaId": "2DF5A235-4531-4F03-882C-C2A6B6D07A5D", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "TP-Link Archer AX21 (AX1800) firmware versions before 1.1.4 Build 20230219 contained a command injection vulnerability in the country form of the /cgi-bin/luci;stok=/locale endpoint on the web management interface. Specifically, the country parameter of the write operation was not sanitized before being used in a call to popen(), allowing an unauthenticated attacker to inject commands, which would be run as root, with a simple POST request."}], "id": "CVE-2023-1389", "lastModified": "2024-06-27T19:30:19.467", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-03-15T23:15:09.403", "references": [{"source": "vulnreport@tenable.com", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/174131/TP-Link-Archer-AX21-Command-Injection.html"}, {"source": "vulnreport@tenable.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://www.tenable.com/security/research/tra-2023-11"}], "sourceIdentifier": "vulnreport@tenable.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-77"}], "source": "nvd@nist.gov", "type": "Primary"}]}