TP-Link HomeShield Function Vulnerability Let Attackers Inject Malicious Commands
ID: c9a08a36-b9d6-53e1-8f88-17e7db9c00a0
STIX ID: report--c9a08a36-b9d6-53e1-8f88-17e7db9c00a0
Feed Name: GBHackers
Threat Score
**Executive summary:** A critical command-injection vulnerability (CVE-2024-53375) in TP-Link HomeShield firmware for Archer, Deco, and Tapo routers allows an authenticated attacker to supply an unsanitized ownerId to os.execute in avira.lua, enabling root remote code execution; researchers produced a proof-of-concept via firmware extraction/emulation and recommend applying vendor patches and input validation mitigations.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.