CVE-2023-38568

8.8 HIGH

📋 TL;DR

This vulnerability allows a network-adjacent unauthenticated attacker to execute arbitrary operating system commands on affected Archer A10 routers. Attackers can gain full control of the device without authentication. All Archer A10 users with firmware versions prior to 'Archer A10(JP)_V2_230504' are affected.

💻 Affected Systems

Products:
  • TP-Link Archer A10 router
Versions: All firmware versions prior to 'Archer A10(JP)_V2_230504'
Operating Systems: Embedded Linux firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Affects Japanese market version specifically. Vulnerability requires network adjacency but no authentication.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of the router allowing attackers to intercept/modify all network traffic, pivot to internal networks, install persistent malware, or use the device for botnet activities.

🟠 Likely Case

Router takeover leading to network traffic interception, DNS hijacking, credential theft, and lateral movement to connected devices.

🟢 If Mitigated

Limited impact if network segmentation isolates the router and strict firewall rules prevent unauthorized access.

🌐 Internet-Facing: HIGH
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires network adjacency but no authentication, making it relatively easy to exploit once details are known.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Archer A10(JP)_V2_230504

Vendor Advisory: https://www.tp-link.com/jp/support/download/archer-a10/#Firmware

Restart Required: Yes

Instructions:

1. Download firmware 'Archer A10(JP)_V2_230504' from the TP-Link Japan support site.
2. Log into the router admin interface.
3. Navigate to System Tools > Firmware Upgrade.
4. Upload and install the new firmware.
5. Wait for the automatic reboot.

🔧 Temporary Workarounds

Network Segmentation (platform: all)

Isolate the Archer A10 router from critical network segments using VLANs or physical separation.

Access Control Lists (platform: all)

Implement strict firewall rules to limit which devices can communicate with the router management interface.

🧯 If You Can't Patch

  • Replace affected router with patched or different model
  • Deploy network monitoring and intrusion detection to detect exploitation attempts

🔍 How to Verify

Check if Vulnerable:

Check firmware version in router admin interface under System Tools > Firmware Upgrade

Check Version:

Log in to the router web interface and navigate to System Tools > Firmware Upgrade.

Verify Fix Applied:

Confirm firmware version shows 'Archer A10(JP)_V2_230504' or later in admin interface
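As an added example (not part of the original advisory or TP-Link's tooling), the check below parses a firmware name in the format the advisory uses, 'Archer A10(JP)_V2_230504', and reports whether the build predates the fix. It assumes the trailing six digits are a YYMMDD build date, as the fixed version suggests, and deliberately refuses to judge strings for other markets or hardware revisions, since the advisory only covers the JP V2 firmware; the sample version strings in the test are constructed.

```python
import re
from typing import Optional, Tuple

# Fixed firmware build named in the advisory; earlier JP V2 builds are affected.
FIXED_VERSION = "Archer A10(JP)_V2_230504"

# Assumed layout of the firmware name: model, market code in parentheses,
# hardware revision, then a six-digit YYMMDD build date.
_VERSION_RE = re.compile(
    r"^(?P<model>Archer A10)\((?P<market>[A-Z]+)\)_V(?P<hw>\d+)_(?P<build>\d{6})$"
)


def parse_version(name: str) -> Optional[Tuple[str, int, str]]:
    """Return (market, hardware revision, build date) or None if unrecognised."""
    m = _VERSION_RE.match(name.strip())
    if not m:
        return None
    return m.group("market"), int(m.group("hw")), m.group("build")


def is_vulnerable(name: str) -> Optional[bool]:
    """True if the build predates the fix, False if it is the fix or later,
    None if the string cannot be assessed against this advisory."""
    parsed = parse_version(name)
    fixed = parse_version(FIXED_VERSION)
    if parsed is None or fixed is None:
        return None
    # Only JP V2 firmware is in scope; other markets/revisions are not covered.
    if parsed[0] != fixed[0] or parsed[1] != fixed[1]:
        return None
    # YYMMDD strings of equal length compare correctly as plain strings.
    return parsed[2] < fixed[2]


if __name__ == "__main__":
    # Constructed sample version strings for illustration.
    for v in ["Archer A10(JP)_V2_221110", "Archer A10(JP)_V2_230504",
              "Archer A10(US)_V2_221110", "not a firmware name"]:
        print(f"{v!r}: vulnerable={is_vulnerable(v)}")
```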

📡 Detection & Monitoring

Log Indicators:

  • Unusual command execution in system logs
  • Unauthorized configuration changes
  • Unknown IP addresses accessing router management

Network Indicators:

  • Unexpected outbound connections from router
  • Unusual traffic patterns from router to internal/external systems

SIEM Query:

source="router_logs" AND (command_execution OR unauthorized_access OR firmware_modification)
