all InfoSec news
Unauthenticated Command Injection in TP-Link Archer AX21 (AX1800)
Tenable Research Advisories www.tenable.com
Researchers at Tenable discovered an unauthenticated command injection in the web management interface of the TP-Link Archer AX21 (AX1800). This issue was also independently discovered by other research teams, as noted in ZDI-23-451.
Update 24 April 2023: As indicated in a blog released by the Zero Day Initiative, when combined with ZDI-23-452 / CVE-2023-27359 this bug can lead to unauthenticated command injection via the WAN interface.
Technical Details
The country …
april blog command command injection injection interface issue link management research researchers teams tenable the web tp-link tp-link archer update web zdi