HIGH🇵🇱 Wersja polska

CVE-2023-37284

CVSS 8.8v3.1pub. 2023-09-06upd. 2024-11-21

Improper authentication vulnerability in Archer C20 firmware versions prior to 'Archer C20(JP)_V1_230616' allows a network-adjacent unauthenticated attacker to execute an arbitrary OS command via a crafted request to bypass authentication.

CVSS Vector
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Tp Link Archer C20

    HW
    Tp-Link
    1
  • Tp Link Archer C20 Firmware

    OS
    Tp-Link
    < 230616
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Auth Bypass
CWE
References

Related vulnerabilities

CVE-2026-0834HIGH7.2ten sam produkt

Logic vulnerability in TP-Link Archer C20 v5, 6.0, Archer AX53 v1.0 and TL-WR841N v13 (TDDP module) allows una...

CVE-2023-30383HIGH7.5ten sam produkt

TP-LINK Archer C50v2 Archer C50(US)_V2_160801, TP-LINK Archer C20v1 Archer_C20_V1_150707, and TP-LINK Archer C...

CVE-2025-15551MEDIUM5.9ten sam produkt

The response coming from TP-Link Archer MR200 v5.2, C20 v5 and v6, TL-WR850N v3, and TL-WR845N v4 for any requ...

CVE-2025-6542CRITICAL9.3PL ✓ten sam vendor

Zdalne wykonanie poleceń OS bez uwierzytelnienia w routerach TP-Link Omada

CVE-2025-7850CRITICAL9.3PL ✓ten sam vendor

Command injection w bramkach Omada (TP-Link) po uwierzytelnieniu admina