CVE-2023-32619 - OpenCVE

Archer C50 firmware versions prior to 'Archer C50(JP)_V3_230505' and Archer C55 firmware versions prior to 'Archer C55(JP)_V1_230506' use hard-coded credentials to login to the affected device, which may allow a network-adjacent unauthenticated attacker to execute an arbitrary OS command.

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Tp-link	Archer C55 Archer C55 Firmware Archer C50 V3 Archer C50 V3 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:tp-link:archer_c55_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:tp-link:archer_c55:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:tp-link:archer_c50_v3_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:tp-link:archer_c50_v3:-:*:*:*:*:*:*:*

References

Link	Resource
https://jvn.jp/en/vu/JVNVU99392903/	Third Party Advisory
https://www.tp-link.com/jp/support/download/archer-c50/v3/#Firmware	Product
https://www.tp-link.com/jp/support/download/archer-c55/#Firmware	Product

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: jpcert

Published: 2023-09-06T09:27:44.114Z

Updated: 2023-09-06T09:27:44.114Z

Reserved: 2023-08-15T07:33:32.104Z

Link: CVE-2023-32619

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-09-06T10:15:13.650

Modified: 2023-09-11T13:35:49.373

Link: CVE-2023-32619

JSON object: View

Redhat Information

No data.

CWE

CWE-798

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:tp-link:archer_c55_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "4AF28B84-B90E-47B6-B2E8-F78CC909EEC0", "versionEndExcluding": "230506", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:tp-link:archer_c55:-:*:*:*:*:*:*:*", "matchCriteriaId": "1DE7FC0D-0A09-42F6-BA31-597D38208F61", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:tp-link:archer_c50_v3_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "7B4081EE-A5EE-41E0-BA3F-39F1BE7799AC", "versionEndExcluding": "230505", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:tp-link:archer_c50_v3:-:*:*:*:*:*:*:*", "matchCriteriaId": "01EE9C6D-D758-4015-B197-545269BF2283", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Archer C50 firmware versions prior to 'Archer C50(JP)_V3_230505' and Archer C55 firmware versions prior to 'Archer C55(JP)_V1_230506' use hard-coded credentials to login to the affected device, which may allow a network-adjacent unauthenticated attacker to execute an arbitrary OS command."}, {"lang": "es", "value": "Las versiones de firmware de Archer C50 anteriores a 'Archer C50(JP)_V3_230505' y las versiones de firmware de Archer C55 anteriores a 'Archer C55(JP)_V1_230506' utilizan credenciales codificadas para iniciar sesi\u00f3n en el dispositivo afectado, lo que puede permitir que un atacante no autenticado adyacente a la red para ejecutar un comando arbitrario del sistema operativo.\n"}], "id": "CVE-2023-32619", "lastModified": "2023-09-11T13:35:49.373", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-09-06T10:15:13.650", "references": [{"source": "vultures@jpcert.or.jp", "tags": ["Third Party Advisory"], "url": "https://jvn.jp/en/vu/JVNVU99392903/"}, {"source": "vultures@jpcert.or.jp", "tags": ["Product"], "url": "https://www.tp-link.com/jp/support/download/archer-c50/v3/#Firmware"}, {"source": "vultures@jpcert.or.jp", "tags": ["Product"], "url": "https://www.tp-link.com/jp/support/download/archer-c55/#Firmware"}], "sourceIdentifier": "vultures@jpcert.or.jp", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-798"}], "source": "nvd@nist.gov", "type": "Primary"}]}