CVE-2024-38471

MEDIUM Year: 2024
CVSS v3 Score
6.8
Medium
Weakness Type
CWE-78
View all →

Vulnerability Description

Multiple TP-LINK products allow a network-adjacent attacker with an administrative privilege to execute arbitrary OS commands by restoring a crafted backup file. The affected device, with the initial configuration, allows login only from the LAN port or Wi-Fi.

Related Vulnerabilities

CVE-2017-10811

MEDIUM
CVSS:6.8(Medium)

Buffalo WCR-1166DS devices with firmware 1.30 and earlier allow an attacker to execute arbitrary OS commands via unspecified vectors.

CWE-782017

CVE-2017-10813

MEDIUM
CVSS:6.8(Medium)

CG-WLR300NM Firmware version 1.90 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors.

CWE-782017

CVE-2017-2152

MEDIUM
CVSS:6.8(Medium)

WNC01WH firmware 1.0.0.9 and earlier allows authenticated attackers to execute arbitrary OS commands via unspecified vectors.

CWE-782017

CVE-2018-0512

MEDIUM
CVSS:6.8(Medium)

Devices with IP address setting tool "MagicalFinder" provided by I-O DATA DEVICE, INC. allow authenticated attackers to execute arbitrary OS commands via unspecified vectors.

CWE-782018

CVE-2018-0677

MEDIUM
CVSS:6.8(Medium)

BN-SDWBP3 firmware version 1.0.9 and earlier allows attacker with administrator rights on the same network segment to execute arbitrary OS commands via unspecified vectors.

CWE-782018

CVE-2018-14998

MEDIUM
CVSS:6.8(Medium)

The Leagoo P1 Android device with a build fingerprint of sp7731c_1h10_32v4_bird:6.0/MRA58K/android.20170629.214736:user/release-keys contains a hidden root privilege escalation capability to achieve c...

CWE-782018