Vulnerability identifier: #VU74035

Vulnerability risk: Medium

CVSSv3.1: 7.9 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2023-28760

CWE-ID: CWE-121

Exploitation vector: Local network

Exploits in database: 2

• May 2, 2023
  • TP-Link Archer AX20/AX21 minidlnad db_dir Remote Code Execution Vulnerability [Source Incite]
• March 27, 2023
  • CVE-2023-28760.py [Custom exploits]

Impact: Code execution

Vulnerable software:
Archer AX20
Hardware solutions / Routers & switches, VoIP, GSM, etc

Vendor: TP-Link