Advisory ID: NCC-CSIRT-040523-020
Summary: A command injection vulnerability was identified in a TP-Link Archer AX21 routers. Remote attacker could send a specially crafted request to the router to exploit the vulnerability, which consequently trigger remote code execution on the targeted system.
Vulnerable Platform(s): Firmware of TP-Link Router
Threat Type: Vulnerability
Product : TP- Link Archer AX21 Routers
Version: TP-Link Archer AX21 prior to 1.1.4 20230219
Description: TP-Link Archer AX21 firmware versions before 1.1.4 Build 20230219 contained a command injection vulnerability on a parameter of the web management interface. If the parameter is not sanitized prior to usage, it enables an unauthenticated attacker to insert commands.
Consquences: Remote code execution on the targeted routers
Impact/Probability: HIGH/HIGH
Solution :
• Users of the affected TP-Link Archer AX21 should update the firmware to the later version.
• Upgrade firmware from the local TP-Link official website of the purchase location for your TP-Link devices.
References:
https://www.govcert.gov.hk/en/alerts_detail.php?id=1018
https://www.hkcert.org/security-bulletin/tp-link-router-remote-code-execution-vulnerability_20230426
https://www.tp-link.com/us/support/download/archer-ax21/v3/#Firmware