CVE-2023-28760
BaseFortify
Publication date: 2025-10-02
Last updated on: 2025-10-02
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| tp-link | archer_ax21 | * |
| tp-link | minidlnad | 1.1.2 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-121 | A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability affects TP-Link AX1800 WiFi 6 Router (Archer AX21) devices. It allows unauthenticated attackers on the local network to execute arbitrary code with root privileges by exploiting the db_dir field in the minidlnad service. The attacker can modify files.db, which leads to a stack-based buffer overflow in the minidlna-1.1.2 software component (specifically in upnpsoap.c). Exploitation requires that a USB flash drive is connected to the router, a common setup for sharing files on the local network.
How can this vulnerability impact me? :
An attacker exploiting this vulnerability can gain root-level control over the affected router. This means they could execute arbitrary code, potentially compromising the entire device, intercepting or manipulating network traffic, accessing connected devices, or disrupting network services.