VYPR
Unrated severityNVD Advisory· Published Jan 10, 2024· Updated Jun 3, 2025

CVE-2024-21773

CVE-2024-21773

Description

Multiple TP-LINK products allow a network-adjacent unauthenticated attacker with access to the product from the LAN port or Wi-Fi to execute arbitrary OS commands on the product that has pre-specified target devices and blocked URLs in parental control settings.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

8
  • TP-Link/Deco X50llm-create
  • TP-Link/Archer AX3000llm-fuzzy2 versions
    (expand)+ 1 more
    • (no CPE)
    • (no CPE)range: firmware versions prior to "Archer AX3000(JP)_V1_1.1.2 Build 20231115"
  • TP-Link/Archer AX5400llm-fuzzy2 versions
    (expand)+ 1 more
    • (no CPE)
    • (no CPE)range: firmware versions prior to "Archer AX5400(JP)_V1_1.1.2 Build 20231115"
  • TP-Link/Archer Air R5v5
    Range: firmware versions prior to "Archer Air R5(JP)_V1_1.1.6 Build 20240508"
  • TP-Link/Decocpe-rescue
    Range: firmware versions prior to "Deco X50(JP)_V1_1.4.1 Build 20231122"
  • TP-Link/Deco XE200v5
    Range: firmware versions prior to "Deco XE200(JP)_V1_1.2.5 Build 20231120"

Patches

Vulnerability mechanics

References

6

News mentions

0

No linked articles in our index yet.