CVE-2023-6437

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Mar 28, 2024

Updated: Mar 29, 2024

CWE ID 78

Summary

CVE-2023-6437 is a critical OS Command Injection vulnerability affecting multiple TP-Link models, including EX20v AX1800, Archer C5v AC1200, TD-W9970, TD-W9970v3. Authenticated users can inject malicious commands into the system, potentially leading to serious unauthorized actions. This issue was identified in TP-Link EX20v AX1800, Archer C5v AC1200, TD-W9970, and TD-W9970v3 through March 2024. Unfortunately, the vulnerability persists in TP-Link VX220-G2u and VN020-G2u due to these models no longer being in production or supported.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/toDh9i
https://www.cve.org/CVERecord?id=CVE-2023-6437
https://nvd.nist.gov/vuln/detail/CVE-2023-6437

Back to Vulnerability Database

CVE-2023-6437

CVSS 3.1 Score 9.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations