CVE-2023-37284

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Sep 6, 2023
Updated: Sep 11, 2023
CWE ID 287

Summary

CVE-2023-37284 is a newly disclosed vulnerability affecting Archer C20 firmware versions before 'Archer C20(JP)_V1_230616'. This issue permits an unauthenticated attacker, situated on a network adjacent to the impacted device, to execute arbitrary OS commands. The vulnerability arises due to an improper authentication mechanism, enabling a crafted request to bypass the authentication process. Successful exploitation could result in significant damage, such as data theft or system compromise. It is highly recommended that users update their Archer C20 firmware to the latest version to mitigate this risk.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share