CVE-2023-37284
CVSS 3.1 Score 8.8 of 10 (high)
Details
Summary
CVE-2023-37284 is a newly disclosed vulnerability affecting Archer C20 firmware versions before 'Archer C20(JP)_V1_230616'. This issue permits an unauthenticated attacker, situated on a network adjacent to the impacted device, to execute arbitrary OS commands. The vulnerability arises due to an improper authentication mechanism, enabling a crafted request to bypass the authentication process. Successful exploitation could result in significant damage, such as data theft or system compromise. It is highly recommended that users update their Archer C20 firmware to the latest version to mitigate this risk.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Affected Vendors
- TP-LINK Technologies Co Ltd