Details of VAR-202308-2514

ID

VAR-202308-2514

CVE

CVE-2023-31710

TITLE

TP-LINK Archer AX21 Buffer Overflow Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2023-63438

DESCRIPTION

TP-Link Archer AX21(US)_V3_1.1.4 Build 20230219 and AX21(US)_V3.6_1.1.4 Build 20230219 are vulnerable to Buffer Overflow. TP-LINK Archer AX21 is a wireless router produced by China Pulian (TP-LINK). The vulnerability stems from the fact that the program fails to correctly verify the length of the input data. Remote attackers can use this vulnerability to execute arbitrary code on the system or cause a denial of service attack

Trust: 1.44

sources: NVD: CVE-2023-31710 // CNVD: CNVD-2023-63438

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2023-63438

AFFECTED PRODUCTS

vendor:	tp link	model:	archer ax21	scope:	eq	version:	3_1.1.4	Trust: 1.0
vendor:	tp link	model:	archer ax21	scope:	eq	version:	3.6_1.1.4	Trust: 1.0
vendor:	tp link	model:	archer ax21 3.6 1.1.4	scope:	-	version:	-	Trust: 0.6
vendor:	tp link	model:	archer ax21 3 1.1.4	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2023-63438 // NVD: CVE-2023-31710

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2023-31710
value:	CRITICAL
Trust: 1.0
CNVD:	CNVD-2023-63438
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2023-63438
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2023-31710
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0

sources: CNVD: CNVD-2023-63438 // NVD: CVE-2023-31710

PROBLEMTYPE DATA

problemtype:

CWE-787

Trust: 1.0

sources: NVD: CVE-2023-31710

PATCH

title:

Patch for TP-LINK Archer AX21 Buffer Overflow Vulnerability

url:

https://www.cnvd.org.cn/patchInfo/show/451311

Trust: 0.6

sources: CNVD: CNVD-2023-63438

EXTERNAL IDS

db:	NVD	id:	CVE-2023-31710	Trust: 1.6
db:	CNVD	id:	CNVD-2023-63438	Trust: 0.6

sources: CNVD: CNVD-2023-63438 // NVD: CVE-2023-31710

REFERENCES

url:

https://github.com/xiaobye-ctf/my-cve/tree/main/tp-link/cve-2023-31710

Trust: 1.6

sources: CNVD: CNVD-2023-63438 // NVD: CVE-2023-31710

SOURCES

db:	CNVD	id:	CNVD-2023-63438
db:	NVD	id:	CVE-2023-31710

LAST UPDATE DATE

2024-08-14T15:15:50.138000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2023-63438	date:	2023-08-15T00:00:00
db:	NVD	id:	CVE-2023-31710	date:	2023-08-04T17:31:52.350

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2023-63438	date:	2023-08-11T00:00:00
db:	NVD	id:	CVE-2023-31710	date:	2023-08-01T14:15:10.013