Cyber Resilience

CVE-2023-31756

Medium · Public PoC

Published: 19 May 2023

Modified: 21 January 2025
KEV Added:
Patch:
CVSS Score v3.1: 6.7 (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0770 (92.1th percentile)
Risk Priority: 18 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2023-31756 is a medium-severity OS Command Injection (CWE-78) vulnerability in TP-Link Archer VR1600V firmware. Its CVSS base score is 6.7 (Medium).

Operationally, it ranks in the top 7.9% of CVEs by exploit likelihood, it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

Deeper analysis

A command injection vulnerability tracked as CVE-2023-31756 affects the administrative web portal in TP-Link Archer VR1600V devices running firmware versions up to and including 0.1.0 0.9.1 v5006.0 Build 220518 Rel.32480n. The flaw, assigned CWE-78, permits an authenticated administrator to supply crafted input via the X_TP_IfName parameter, resulting in execution of arbitrary operating-system commands on the device. It carries a CVSS 3.1 score of 6.7 under the vector AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H.

An attacker who has already obtained valid administrator credentials to the web interface can leverage the injection to open an interactive operating-system shell. This grants the ability to read, modify, or delete files, alter device configuration, and potentially pivot to other systems on the local network. The attack requires prior authentication and local access to the management interface rather than unauthenticated remote exploitation.

The associated EPSS score has remained flat at 0.0770 with no material increase since disclosure. Public references point to a technical advisory describing the issue but contain no vendor-supplied patch or mitigation guidance within the provided details.

EU & UK References

Vulnerability details

A command injection vulnerability exists in the administrative web portal in TP-Link Archer VR1600V devices running firmware Versions <= 0.1.0. 0.9.1 v5006.0 Build 220518 Rel.32480n which allows remote attackers, authenticated to the administrative web portal as an administrator user to open an operating system level shell via the 'X_TP_IfName' parameter.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

tp-link
archer vr1600v firmware
≤ 0.1.0_0.9.1_v5006.0_build_200810_rel.53181n

Mitigating Controls

Likely Mitigating Controls (AI)

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-78

Platform-independent apps typically execute inside a managed runtime or sandbox that restricts direct OS command execution, reducing the ability to exploit OS command injection.

addresses: CWE-78

Validates inputs to block special elements that would alter OS command execution.
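
As an added illustration of the input-validation control above (not TP-Link's code and not taken from the referenced advisory): an allow-list check for a value such as X_TP_IfName, assuming it is meant to carry a Linux-style interface name, followed by handing the value to a helper as a single argument so no shell parses it. The function names, the 15-character limit and the helper path are assumptions made for the example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define IFNAME_MAX 16 /* assumed limit: Linux IFNAMSIZ, including the NUL */

/* Allow-list check: 1 if `name` looks like a plain interface name, else 0. */
int ifname_is_safe(const char *name)
{
    size_t i;

    if (name == NULL || name[0] == '\0' || name[0] == '-' || name[0] == '.')
        return 0;                 /* empty, option-like or dot-led value */
    for (i = 0; name[i] != '\0'; i++) {
        char c = name[i];
        int ok = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
                 (c >= '0' && c <= '9') || c == '.' || c == '_' || c == '-';
        if (!ok || i + 1 >= IFNAME_MAX)
            return 0;             /* outside the allow-list, or too long */
    }
    return 1;
}

/* Fill argv for a hypothetical helper so the value stays one argument.
 * Returns 0 on success, -1 if the value is rejected. */
int build_helper_argv(const char *ifname, const char *argv[3])
{
    if (!ifname_is_safe(ifname))
        return -1;
    argv[0] = "/sbin/ifconfig";   /* hypothetical helper path */
    argv[1] = ifname;
    argv[2] = NULL;
    return 0;                     /* caller passes argv to execv(), not system() */
}

int main(void)
{
    /* Constructed sample values, not taken from any advisory or capture. */
    const char *samples[] = {"br0", "eth0.100", "br0;x", "br0 x", "-a", ""};
    const char *argv[3];
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-10s -> %s\n", samples[i],
               build_helper_argv(samples[i], argv) == 0 ? "accepted" : "rejected");
    return 0;
}
```

An allow-list is used rather than a block-list of special characters because the set of acceptable interface names is small and known, while the set of characters a shell treats specially is easy to get wrong.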

References