All CVEs
Vulnerability intelligence

CVE-2023-1389

TP-Link Archer AX-21 Command Injection Vulnerability

TP-Link Archer AX21

TP-Link Archer AX21 (AX1800) firmware versions before 1.1.4 Build 20230219 contained a command injection vulnerability in the country form of the /cgi-bin/luci;stok=/locale endpoint on the web management interface. Specifically, the country parameter of the write operation was not sanitized before being used in a call to popen(), allowing an unauthenticated attacker to inject commands, which would be run as root, with a simple POST request.

CVSS Score
8.8
High
EPSS — Exploit Probability
100%
Riskier than 100% of all CVEs
Exploitation
Confirmed in the wild
Used in ransomware campaigns
Remediation
unknown
Federal deadline 2023-05-22
CISA required action

Apply updates per vendor instructions. Deadline for federal agencies: 2023-05-22.

NVD entry PoC / advisory CISA KEV

2 articles across 2 outlets · first covered Apr 22, 2026 · latest Apr 30, 2026

Tracked incidents

Coverage timeline

Related CVEs — TP-Link