vulnerability

TP-Link Archer AX21: CVE-2023-1389: Unauthenticated Command Injection

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
10	(AV:N/AC:L/Au:N/C:C/I:C/A:C)	Mar 15, 2023	Jul 24, 2025	Jul 24, 2025

Severity

CVSS

(AV:N/AC:L/Au:N/C:C/I:C/A:C)

Published

Mar 15, 2023

Added

Jul 24, 2025

Modified

Jul 24, 2025

Description

TP-Link Archer AX21 (AX1800) firmware versions before 1.1.4 Build 20230219 contained a command injection vulnerability in the country form of the /cgi-bin/luci;stok=/locale endpoint on the web management interface. Specifically, the country parameter of the write operation was not sanitized before being used in a call to popen(), allowing an unauthenticated attacker to inject commands, which would be run as root, with a simple POST request.

Solution

tp-link-archer-upgrade-latest

References

CVE-2023-1389
https://attackerkb.com/topics/CVE-2023-1389
URL-https://www.tenable.com/security/research/tra-2023-11
URL-https://nvd.nist.gov/vuln/detail/CVE-2023-1389
CWE-78

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today