Archer C5 firmware all versions and Archer C7 firmware versions prior to 'Archer C7(JP)_V2_230602' allow a network-adjacent authenticated attacker to execute arbitrary OS commands. Note that Archer C5 is no longer supported, therefore the update for this product is not provided.
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
Link | Tags |
---|---|
https://www.tp-link.com/jp/support/download/archer-c7/v2/#Firmware | product |
https://jvn.jp/en/vu/JVNVU99392903/ | third party advisory |