CVE-2024-21833

UNKNOWN
Published 2024-01-10T23:25:25.755Z

CVSS Score

V3.1: 8.8/10
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score Metrics
Exploitability: N/A Impact: N/A

EPSS Score

v2025.03.14: 0.002 probability of exploitation in the wild

There is a 0.2% chance that this vulnerability will be exploited in the wild within the next 30 days.

Updated: 2025-06-25
Exploit Probability
Percentile: 0.392
Higher than 39.2% of all CVEs

Attack Vector Metrics

Attack Vector: ADJACENT_NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED

Impact Metrics

Confidentiality: HIGH
Integrity: HIGH
Availability: HIGH

Description

Multiple TP-LINK products allow a network-adjacent unauthenticated attacker with access to the product to execute arbitrary OS commands. The affected device, with the initial configuration, allows login only from the LAN port or Wi-Fi.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

⚠ Unreviewed HIGH

GHSA-r4rf-89mf-697j

Advisory Details

Multiple TP-LINK products allow a network-adjacent unauthenticated attacker with access to the product to execute arbitrary OS commands. Affected products/versions are as follows: Archer AX3000 firmware versions prior to "Archer AX3000(JP)_V1_1.1.2 Build 20231115", Archer AX5400 firmware versions prior to "Archer AX5400(JP)_V1_1.1.2 Build 20231115", Archer AXE75 firmware versions prior to "Archer AXE75(JP)_V1_231115", Deco X50 firmware versions prior to "Deco X50(JP)_V1_1.4.1 Build 20231122", and Deco XE200 firmware versions prior to "Deco XE200(JP)_V1_1.2.5 Build 20231120".

CVSS Scoring

CVSS Score: 7.5

CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Advisory provided by GitHub Security Advisory Database. Published: January 11, 2024, Modified: July 4, 2024

Social Media Intelligence

Real-time discussions and threat intelligence from social platforms

2 posts
Reddit 6 days, 14 hours ago
ContentByrkRahul

Best VPNs for TP-Link Routers The U.S. Cybersecurity and Infrastructure Security Agency (CISA) recently flagged multiple TP-Link router vulnerabilities as **actively exploited by hackers**, with federal agencies given strict deadlines to remove affected devices from their networks. If you're among the millions using TP-Link routers at home or in your …

Also mentions: CVE-2023-33538
Reddit 2 months, 4 weeks ago
suikerchiller

Is TP-Link Abandoning the Deco X50-PoE V1? I’m trying to understand TP-Link’s stance on the Deco X50-PoE V1. It’s been left with an unpatched critical vulnerability, CVE-2024-21833, which allows for a complete takeover of the router by anyone on the local network (including guests) without a password. The most frustrating …

References

Published: 2024-01-10T23:25:25.755Z
Last Modified: 2025-06-16T18:26:24.239Z