Unrated severityCISA KEVNVD Advisory· Published Mar 15, 2023· Updated Oct 21, 2025

CVE-2023-1389

Description

TP-Link Archer AX21 (AX1800) firmware versions before 1.1.4 Build 20230219 contained a command injection vulnerability in the country form of the /cgi-bin/luci;stok=/locale endpoint on the web management interface. Specifically, the country parameter of the write operation was not sanitized before being used in a call to popen(), allowing an unauthenticated attacker to inject commands, which would be run as root, with a simple POST request.

Affected products

N/a/Tp Link Archer Ax21 (ax1800)v5
Range: All versions prior to version 1.14 Build 20230219

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

packetstormsecurity.com/files/174131/TP-Link-Archer-AX21-Command-Injection.htmlmitre
www.tenable.com/security/research/tra-2023-11mitre

News mentions

4th May – Threat Intelligence Report
Check Point Research · May 4, 2026
Anti-DDoS Firm Heaped Attacks on Brazilian ISPs
Krebs on Security · Apr 30, 2026

cvss	0.000
epss	0.075
exploit	0.030
kev	0.120
patch	0.000
ransomware	0.000