{"id":20351,"date":"2025-04-09T14:26:06","date_gmt":"2025-04-09T14:26:06","guid":{"rendered":""},"modified":"2025-10-15T16:37:13","modified_gmt":"2025-10-15T22:37:13","slug":"cve-2024-21773-critical-command-injection-vulnerability-in-tp-link-routers","status":"publish","type":"post","link":"https:\/\/www.ameeba.com\/blog\/cve-2024-21773-critical-command-injection-vulnerability-in-tp-link-routers\/","title":{"rendered":"CVE-2024-21773: Critical Command Injection Vulnerability in TP-Link Routers"},"content":{"rendered":"<h2 class=\"\" data-start=\"178\" data-end=\"189\">Overview<\/h2>\n<p class=\"\" data-start=\"191\" data-end=\"471\">In January 2024, a severe vulnerability tracked as <strong data-start=\"242\" data-end=\"260\">CVE-2024-21773<\/strong> was disclosed, affecting multiple TP-Link routers and Deco devices. This flaw enables unauthenticated attackers on the <strong data-start=\"380\" data-end=\"397\">local network<\/strong> to execute arbitrary operating system commands without prior credentials.<\/p>\n<p class=\"\" data-start=\"473\" data-end=\"658\">With a <strong data-start=\"480\" data-end=\"513\">CVSS v3.1 score of 8.8 (High)<\/strong>, this vulnerability poses a significant risk to home and small office networks, especially those relying on TP-Link\u2019s parental control features.<\/p>\n<h2 class=\"\" data-start=\"665\" data-end=\"689\">Vulnerability Summary<\/h2>\n<ul data-start=\"691\" data-end=\"939\">\n<li class=\"\" data-start=\"691\" data-end=\"721\">\n<p class=\"\" data-start=\"693\" data-end=\"721\"><strong data-start=\"693\" data-end=\"703\">CVE ID<\/strong>: CVE-2024-21773<\/p>\n<\/li>\n<li class=\"\" data-start=\"722\" data-end=\"755\">\n<p class=\"\" data-start=\"724\" data-end=\"755\"><strong data-start=\"724\" data-end=\"736\">Severity<\/strong>: High (CVSS 8.8)<\/p>\n<\/li>\n<li class=\"\" data-start=\"756\" data-end=\"807\">\n<p class=\"\" data-start=\"758\" data-end=\"807\"><strong data-start=\"758\" data-end=\"775\">Attack 
Vector<\/strong>: Local <a class=\"wpil_keyword_link\" title=\"network\" href=\"https:\/\/www.ameeba.com\" data-wpil-keyword-link=\"linked\" data-wpil-monitor-id=\"24146\">network<\/a> (LAN or Wi-Fi)<\/p>\n<\/li>\n<li class=\"\" data-start=\"808\" data-end=\"838\">\n<p class=\"\" data-start=\"810\" data-end=\"838\"><strong data-start=\"810\" data-end=\"831\">Attack Complexity<\/strong>: Low<\/p>\n<\/li>\n<li class=\"\" data-start=\"839\" data-end=\"876\">\n<p class=\"\" data-start=\"841\" data-end=\"876\"><strong data-start=\"841\" data-end=\"868\">Authentication Required<\/strong>: None<\/p>\n<\/li>\n<li class=\"\" data-start=\"877\" data-end=\"939\">\n<p class=\"\" data-start=\"879\" data-end=\"939\"><strong data-start=\"879\" data-end=\"889\">Impact<\/strong>: <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2023-29048-remote-code-execution-via-oxmf-template-injection-in-open-xchange-app-suite\/\"  data-wpil-monitor-id=\"24560\">Remote command execution<\/a> as root on the device<\/p>\n<\/li>\n<\/ul>\n<h2 class=\"\" data-start=\"946\" data-end=\"966\">Affected Products<\/h2>\n<p class=\"\" data-start=\"968\" data-end=\"1072\">The <a class=\"wpil_keyword_link\" title=\"vulnerability\" href=\"https:\/\/ameeba.com\" data-wpil-keyword-link=\"linked\" data-wpil-monitor-id=\"24147\">vulnerability<\/a> affects the following TP-Link devices <strong data-start=\"1024\" data-end=\"1071\">prior to the firmware versions listed below<\/strong>:<\/p>\n<div class=\"overflow-x-auto bg-no-repeat contain-inline-size\">\n<table data-start=\"1074\" data-end=\"1528\">\n<thead data-start=\"1074\" data-end=\"1148\">\n<tr data-start=\"1074\" data-end=\"1148\">\n<th data-start=\"1074\" data-end=\"1091\">Device<\/th>\n<th data-start=\"1091\" data-end=\"1148\">Affected Versions Before<\/th>\n<\/tr>\n<\/thead>\n<tbody data-start=\"1225\" data-end=\"1528\">\n<tr data-start=\"1225\" data-end=\"1300\">\n<td>Archer AX3000<\/td>\n<td>Archer AX3000(JP)_V1_1.1.2 Build 20231115<\/td>\n<\/tr>\n<tr 
data-start=\"1301\" data-end=\"1376\">\n<td>Archer AX5400<\/td>\n<td>Archer AX5400(JP)_V1_1.1.2 Build 20231115<\/td>\n<\/tr>\n<tr data-start=\"1377\" data-end=\"1452\">\n<td>Deco X50<\/td>\n<td>Deco X50(JP)_V1_1.4.1 Build 20231122<\/td>\n<\/tr>\n<tr data-start=\"1453\" data-end=\"1528\">\n<td>Deco XE200<\/td>\n<td>Deco XE200(JP)_V1_1.2.5 Build 20231120<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<p class=\"\" data-start=\"1530\" data-end=\"1613\">Reference: <a class=\"cursor-pointer\" target=\"_new\" rel=\"noopener\" data-start=\"1541\" data-end=\"1613\">JVN Vulnerability Advisory (Japan)<\/a><\/p>\n<h2 class=\"\" data-start=\"1620\" data-end=\"1657\">How the Exploit Works (Conceptual)<\/h2>\n<p class=\"\" data-start=\"1659\" data-end=\"1960\">Although a full proof-of-concept has not been publicly disclosed, the <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2023-50931-csrf-vulnerability-in-savignano-s-notify-allows-configuration-tampering\/\"  data-wpil-monitor-id=\"31972\">vulnerability is believed to exist in the parental control configuration<\/a> interface. 
Attackers connected to the same network can submit specially crafted HTTP requests that <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2024-21625-critical-remote-code-execution-vulnerability-in-network-protocol\/\"  data-wpil-monitor-id=\"24238\">inject system-level commands<\/a> through vulnerable parameters.<\/p>
\n<h3 class=\"\" data-start=\"1962\" data-end=\"2010\">Conceptual Attack Example (Not Actual Code):<\/h3>\n<div class=\"contain-inline-size rounded-md border-[0.5px] border-token-border-medium relative bg-token-sidebar-surface-primary\">\n<div class=\"overflow-y-auto p-4\" dir=\"ltr\">\n<p>POST \/cgi-bin\/luci\/;stok=\/api\/pc_settings HTTP\/1.1<br \/>\nHost: 192.168.0.1<br \/>\nContent-Type: application\/json<\/p>\n<p>{<br \/>\n&#8220;setting&#8221;: &#8220;rule&#8221;,<br \/>\n&#8220;device&#8221;: &#8220;;reboot&#8221;,<br \/>\n&#8230;<br \/>\n}<\/p>\n<\/div>\n<\/div>\n<p class=\"\" data-start=\"2180\" data-end=\"2293\">Such payloads could allow attackers to force reboots, manipulate settings, or <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2023-43449-arbitrary-code-execution-vulnerability-in-hummerrisk-software\/\"  data-wpil-monitor-id=\"27402\">execute arbitrary<\/a> commands as root.<\/p>\n<h2 class=\"\" data-start=\"2300\" data-end=\"2318\">Potential Risks<\/h2>\n<p class=\"\" data-start=\"2320\" data-end=\"2363\">If successfully exploited, attackers could:<\/p>\n<ul data-start=\"2365\" data-end=\"2581\">\n<li class=\"\" data-start=\"2365\" data-end=\"2406\">\n<p class=\"\" data-start=\"2367\" data-end=\"2406\">Redirect DNS traffic to malicious sites<\/p>\n<\/li>\n<li class=\"\" data-start=\"2407\" data-end=\"2444\">\n<p class=\"\" data-start=\"2409\" data-end=\"2444\">Eavesdrop on <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2024-12913-sql-injection-vulnerability-in-megatek-communication-system-azora-wireless-network-management\/\"  data-wpil-monitor-id=\"89981\">network communications<\/a><\/p>\n<\/li>\n<li class=\"\" 
data-start=\"2445\" data-end=\"2486\">\n<p class=\"\" data-start=\"2447\" data-end=\"2486\">Install persistent malware or backdoors<\/p>\n<\/li>\n<li class=\"\" data-start=\"2487\" data-end=\"2527\">\n<p class=\"\" data-start=\"2489\" data-end=\"2527\">Disable firewalls or parental controls<\/p>\n<\/li>\n<li class=\"\" data-start=\"2528\" data-end=\"2581\">\n<p class=\"\" data-start=\"2530\" data-end=\"2581\">Launch <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-7766-xml-external-entity-attack-on-lantronix-provisioning-manager\/\"  data-wpil-monitor-id=\"68280\">attacks against internal or external<\/a> systems<\/p>\n<\/li>\n<\/ul>\n<p class=\"\" data-start=\"2583\" data-end=\"2759\">Although this is a <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2023-44120-local-admin-account-exploit-in-spectrum-power-7\/\"  data-wpil-monitor-id=\"43342\">local exploit<\/a>, attackers could compromise a nearby device first (like a phone or smart TV) to gain entry to the network and escalate their attack from there.<\/p>\n<h2 class=\"\" data-start=\"2766\" data-end=\"2795\">Mitigation Recommendations<\/h2>\n<h3 class=\"\" data-start=\"2797\" data-end=\"2819\">1. Update Firmware<\/h3>\n<p class=\"\" data-start=\"2821\" data-end=\"2901\">TP-Link has released patches. 
<a href=\"https:\/\/www.ameeba.com\/blog\/ftc-mandates-godaddy-cybersecurity-upgrades-following-triple-breach\/\"  data-wpil-monitor-id=\"50693\">Upgrade to the following<\/a> firmware builds or newer:<\/p>\n<ul data-start=\"2903\" data-end=\"3044\">\n<li class=\"\" data-start=\"2903\" data-end=\"2936\">\n<p class=\"\" data-start=\"2905\" data-end=\"2936\">AX3000: Build 20231115 or later<\/p>\n<\/li>\n<li class=\"\" data-start=\"2937\" data-end=\"2970\">\n<p class=\"\" data-start=\"2939\" data-end=\"2970\">AX5400: Build 20231115 or later<\/p>\n<\/li>\n<li class=\"\" data-start=\"2971\" data-end=\"3006\">\n<p class=\"\" data-start=\"2973\" data-end=\"3006\">Deco X50: Build 20231122 or later<\/p>\n<\/li>\n<li class=\"\" data-start=\"3007\" data-end=\"3044\">\n<p class=\"\" data-start=\"3009\" data-end=\"3044\">Deco XE200: Build 20231120 or later<\/p>\n<\/li>\n<\/ul>\n<p class=\"\" data-start=\"3046\" data-end=\"3124\">Visit the <a class=\"\" href=\"https:\/\/www.tp-link.com\" target=\"_new\" rel=\"noopener\" data-start=\"3056\" data-end=\"3103\">TP-Link support site<\/a> to download updates.<\/p>\n<h3 class=\"\" data-start=\"3126\" data-end=\"3173\">2. Disable Parental Controls (if unpatched)<\/h3>\n<p class=\"\" data-start=\"3175\" data-end=\"3290\">As a temporary mitigation, disable the parental control features, which are <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-23394-critical-unix-symbolic-link-following-vulnerability-in-opensuse-tumbleweed-cyrus-imapd\/\"  data-wpil-monitor-id=\"54415\">linked to the vulnerable<\/a> functionality.<\/p>\n<h3 class=\"\" data-start=\"3292\" data-end=\"3326\">3. 
Secure Local Network Access<\/h3>\n<ul data-start=\"3328\" data-end=\"3490\">\n<li class=\"\" data-start=\"3328\" data-end=\"3356\">\n<p class=\"\" data-start=\"3330\" data-end=\"3356\">Use strong Wi-Fi passwords<\/p>\n<\/li>\n<li class=\"\" data-start=\"3357\" data-end=\"3384\">\n<p class=\"\" data-start=\"3359\" data-end=\"3384\"><a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-1863-default-authentication-function-disabled-in-yokogawa-recorder-products\/\"  data-wpil-monitor-id=\"37352\">Disable WPS functionality<\/a><\/p>\n<\/li>\n<li class=\"\" data-start=\"3385\" data-end=\"3437\">\n<p class=\"\" data-start=\"3387\" data-end=\"3437\">Limit device <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-28232-unauthenticated-access-to-admin-panel-in-jmbroadcast-jmb0150-firmware-v1-0\/\"  data-wpil-monitor-id=\"37639\">admin access<\/a> to trusted machines only<\/p>\n<\/li>\n<li class=\"\" data-start=\"3438\" data-end=\"3490\">\n<p class=\"\" data-start=\"3440\" data-end=\"3490\"><a href=\"https:\/\/www.ameeba.com\/blog\/enhancing-industrial-defense-network-segmentation-and-perimeter-strategies-in-ot-cybersecurity\/\"  data-wpil-monitor-id=\"29937\">Segment IoT devices on a guest network<\/a> if possible<\/p>\n<\/li>\n<\/ul>\n<h3 class=\"\" data-start=\"3492\" data-end=\"3530\">4. Monitor for Suspicious Behavior<\/h3>\n<p class=\"\" data-start=\"3532\" data-end=\"3633\">Review logs (if available) for unknown administrative actions, unauthorized reboots, or rule changes.<\/p>\n<h2 class=\"\" data-start=\"3640\" data-end=\"3653\">Conclusion<\/h2>\n<p class=\"\" data-start=\"3655\" data-end=\"3865\">CVE-2024-21773 highlights the growing importance of <a class=\"wpil_keyword_link\" title=\"secure\" href=\"https:\/\/chat.ameeba.com\" data-wpil-keyword-link=\"linked\" data-wpil-monitor-id=\"24145\">secure<\/a> firmware in home and SOHO routers. 
<a href=\"https:\/\/www.ameeba.com\/blog\/cve-2024-0577-critical-vulnerability-in-totolink-lr1200gb-router-allows-potential-remote-exploitation\/\"  data-wpil-monitor-id=\"29412\">Router vulnerabilities<\/a> offer a high return for attackers, making them a prime target for local and lateral movement.<\/p>\n<p class=\"\" data-start=\"3867\" data-end=\"4016\">For anyone using TP-Link devices, prompt firmware updates and network hardening are <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2023-6140-arbitrary-file-upload-vulnerability-in-essential-real-estate-wordpress-plugin\/\"  data-wpil-monitor-id=\"24587\">essential steps in defending against this class of vulnerability<\/a>.<\/p>\n<p class=\"\" data-start=\"4018\" data-end=\"4147\">We will <a href=\"https:\/\/www.ameeba.com\/blog\/the-continuation-of-the-cve-program-a-win-for-us-cybersecurity-amid-rising-threats\/\"  data-wpil-monitor-id=\"32098\">continue to monitor this CVE<\/a> and provide updates if technical proof-of-concepts or exploit scripts are released publicly.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Overview In January 2024, a severe vulnerability tracked as CVE-2024-21773 was disclosed, affecting multiple TP-Link routers and Deco devices. This flaw enables unauthenticated attackers on the local network to execute arbitrary operating system commands without prior credentials. 
With a CVSS v3.1 score of 8.8 (High), this vulnerability poses a significant risk to home and small [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"footnotes":""},"categories":[1],"tags":[],"vendor":[82],"product":[],"attack_vector":[78,80],"asset_type":[],"severity":[],"exploit_status":[],"class_list":["post-20351","post","type-post","status-publish","format-standard","hentry","category-uncategorized","vendor-microsoft","attack_vector-injection","attack_vector-rce"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts\/20351","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/comments?post=20351"}],"version-history":[{"count":23,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts\/20351\/revisions"}],"predecessor-version":[{"id":82858,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts\/20351\/revisions\/82858"}],"wp:attachment":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/media?parent=20351"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/categories?post=20351"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/tags?post=20351"},{"taxonomy":"vendor","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/vendor?post=20351"},{"taxonomy":"product","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/product?post=20351"},{"taxonomy":"attack_vector","embedda
ble":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/attack_vector?post=20351"},{"taxonomy":"asset_type","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/asset_type?post=20351"},{"taxonomy":"severity","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/severity?post=20351"},{"taxonomy":"exploit_status","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/exploit_status?post=20351"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}