{"id":"CVE-2024-21833","details":"Multiple TP-LINK products allow a network-adjacent unauthenticated attacker with access to the product to execute arbitrary OS commands. In its initial configuration, the affected device allows login only from the LAN port or Wi-Fi.","modified":"2026-03-15T14:50:34.326340Z","published":"2024-01-11T00:15:44.683Z","references":[{"type":"WEB","url":"https://www.tp-link.com/jp/support/download/deco-xe200/#Firmware"},{"type":"WEB","url":"https://www.tp-link.com/jp/support/download/archer-ax3000/#Firmware"},{"type":"WEB","url":"https://www.tp-link.com/jp/support/download/archer-ax5400/#Firmware"},{"type":"WEB","url":"https://www.tp-link.com/jp/support/download/archer-axe75/#Firmware"},{"type":"WEB","url":"https://www.tp-link.com/jp/support/download/deco-x50/v1/#Firmware"},{"type":"ADVISORY","url":"https://jvn.jp/en/vu/JVNVU91401812/"}],"affected":[{"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-21833.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"fixed":"1.1.2"}]},{"events":[{"introduced":"0"},{"fixed":"1.1.2"}]},{"events":[{"introduced":"0"},{"fixed":"1.4.1"}]},{"events":[{"introduced":"0"},{"fixed":"1.2.5"}]},{"events":[{"introduced":"0"},{"fixed":"1.1.9"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}