CVE-2024-57357

HIGH EPSS 92.3%

Published Feb 7, 20251y ago · Modified Jun 17, 20261w ago

8.0 CVSS 3.1

High

Published Feb 7, 2025 1y ago

Last Modified Jun 17, 2026 1w ago

Description

An issue in TPLINK TL-WPA 8630 TL-WPA8630(US)_V2_2.0.4 Build 20230427 allows a remote attacker to execute arbitrary code via function sub_4256CC, which allows command injection by injecting 'devpwd'.

CVSS Details

Base Score

8.0

Exploitability

2.1

Impact

5.9

Vector string

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector Adjacent

Attack Complexity Low

Privileges Required Low

User Interaction None

Scope Unchanged

Confidentiality High

Integrity High

Availability High

Threat Intelligence

EPSS Exploit Probability

92.3% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 1

CWE-78 OS Command Injection Injection

Affected Products 2

Vendor	Product	Version	Range
tp-link	tl-wpa8630_firmware	2.0.4	any
tp-link	tl-wpa8630	2.0	any

References 1

github.com https://github.com/c10uds/tplink-wpa8630-rce-vulnerability

Broken Link

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.