CVE-2023-37284

Vulnerability

An improper authentication vulnerability exists in TP-Link Archer C20 firmware versions prior to Archer C20(JP)_V1_230616. The flaw allows a network-adjacent unauthenticated attacker to bypass authentication mechanisms and execute arbitrary OS commands via a crafted request [1][2].

Exploitation

An attacker must be on the same network as the vulnerable device (network-adjacent) and does not require any prior authentication. By sending a specially crafted HTTP request to the router, the attacker can bypass the authentication check and inject arbitrary OS commands [2].

Impact

Successful exploitation enables the attacker to execute arbitrary operating system commands on the device with root privileges. This can lead to full compromise of the router, including disclosure of sensitive information, modification of device configuration, and potential use as a pivot point for further attacks on the network [2].

Mitigation

TP-Link has released firmware version Archer C20(JP)_V1_230616 to address this vulnerability. Users should update their devices to this version or later via the official TP-Link support page [1]. No workarounds are documented. The vulnerability is not listed in CISA's Known Exploited Vulnerabilities catalog as of the publication date.