all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Unauthenticated Command Injection in TP-Link Archer AX21 (AX1800)

Add to bookmarks
March 14, 2023, 1:43 p.m. | Evan Grant

Tenable Research Advisories www.tenable.com

Unauthenticated Command Injection in TP-Link Archer AX21 (AX1800)

Researchers at Tenable discovered an unauthenticated command injection in the web management interface of the TP-Link Archer AX21 (AX1800). This issue was also independently discovered by other research teams, as noted in ZDI-23-451.

Update 24 April 2023As indicated in a blog released by the Zero Day Initiative, when combined with ZDI-23-452 / CVE-2023-27359 this bug can lead to unauthenticated command injection via the WAN interface. 


Technical Details


The country …

april blog command command injection injection interface issue link management research researchers teams tenable the web tp-link tp-link archer update web zdi

Visit resource

More from www.tenable.com / Tenable Research Advisories

Approach.App Multiple Vulnerabilities 1 week, 6 days ago | www.tenable.com
app application exploitation management +9
Karros Technologies Authentication Bypass 1 week, 6 days ago | www.tenable.com
authentication authentication bypass bypass technologies
Ivanti Avalanche WLAvalancheService.exe Unauthenticated Heap-based Buffer Overflow 2 weeks, 1 day ago | www.tenable.com
avalanche big buffer buffer overflow +12
Path Traversal Affecting Multiple CData Products 3 weeks, 6 days ago | www.tenable.com
application attachment cookie date +14
LG LED Assistant v2.1.65 Multiple Vulnerabilities 1 month ago | www.tenable.com
assistant led vulnerabilities
Arcserve Unified Data Protection 9.2 Multiple Vulnerabilities 1 month, 2 weeks ago | www.tenable.com
arcserve data data protection protection +1
Microsoft Azure Synapse Analytics - Privilege Escalation via Vegas Caching Service 1 month, 3 weeks ago | www.tenable.com
analytics azure azure synapse caching +8
Showdownjs Denial of Service 2 months ago | www.tenable.com
can command concept conditions +17
Missing Authentication for Critical Function in Adobe FrameMaker Publishing Server (FMPS) 2 months, 2 weeks ago | www.tenable.com
accesstoken admin adobe authentication +9

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Social Engineer For Reverse Engineering Exploit Study

@ Independent study | Remote
View on infosec-jobs.com

Cloud Security Analyst

@ Cloud Peritus | Bengaluru, India
View on infosec-jobs.com

Cyber Program Manager - CISO- United States – Remote

@ Stanley Black & Decker | Towson MD USA - 701 E Joppa Rd Bg 700
View on infosec-jobs.com

Network Security Engineer (AEGIS)

@ Peraton | Virginia Beach, VA, United States
View on infosec-jobs.com

SC2022-002065 Cyber Security Incident Responder (NS) - MON 13 May

@ EMW, Inc. | Mons, Wallonia, Belgium
View on infosec-jobs.com

Information Systems Security Engineer

@ Booz Allen Hamilton | USA, GA, Warner Robins (300 Park Pl Dr)
View on infosec-jobs.com
View more jobs