CVE-2024-57357

High

Published: 07 February 2025

Published

07 February 2025

Modified

03 July 2025

KEV Added

—

Patch

—

CVSS Score 8.0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.1220 93.9th percentile

Risk Priority 23 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-57357 is a high-severity OS Command Injection (CWE-78) vulnerability in Tp-Link Tl-Wpa8630 Firmware. Its CVSS base score is 8.0 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 6.1% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match

prevent

Directly prevents command injection vulnerability by enforcing input validation and error handling on the 'devpwd' parameter in function sub_4256CC.

SI-2 Flaw Remediation good match

prevent

Remediates the specific firmware flaw enabling remote code execution through timely identification and patching.

SC-7 Boundary Protection partial match

prevent

Mitigates the adjacent network access vector (AV:A) required for low-privilege exploitation by controlling communications at network boundaries.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

T1059.004 Unix Shell Execution

Adversaries may abuse Unix shell commands and scripts for execution.

attack.mitre.org →

Why these techniques?

Command injection in network device firmware directly enables remote exploitation of the device's web/management interface (T1190) and arbitrary command execution via Unix shell (T1059.004).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

An issue in TPLINK TL-WPA 8630 TL-WPA8630(US)_V2_2.0.4 Build 20230427 allows a remote attacker to execute arbitrary code via function sub_4256CC, which allows command injection by injecting 'devpwd'.

Deeper analysisAI

CVE-2024-57357 is a command injection vulnerability (CWE-78) affecting the TP-Link TL-WPA8630(US)_V2_2.0.4 Build 20230427 firmware on the TL-WPA 8630 powerline adapter. The issue resides in the function sub_4256CC, which enables a remote attacker to execute arbitrary code by injecting the 'devpwd' parameter.

According to its CVSS v3.1 base score of 8.0 (AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), the vulnerability can be exploited by an attacker with adjacent network access and low privileges. No user interaction is required, allowing the attacker to achieve high impacts on confidentiality, integrity, and availability through remote code execution.

Details on the vulnerability, including exploit information, are documented in the GitHub repository at https://github.com/c10uds/tplink-wpa8630-rce-vulnerability. No official patch or mitigation guidance from the vendor is specified in available references.

Details

CWE(s): CWE-78

Affected Products

tp-link

tl-wpa8630 firmware

2.0.4

CVEs Like This One

CVE-2026-0654Same vendor: Tp-Link

CVE-2026-30818Same vendor: Tp-Link

CVE-2025-9377Same vendor: Tp-Link

CVE-2026-0630Same vendor: Tp-Link

CVE-2026-22225Same vendor: Tp-Link

CVE-2026-0652Same vendor: Tp-Link

CVE-2026-22227Same vendor: Tp-Link

CVE-2026-22229Same vendor: Tp-Link

CVE-2026-22226Same vendor: Tp-Link

CVE-2025-6542Same vendor: Tp-Link

References

https://github.com/c10uds/tplink-wpa8630-rce-vulnerability
Broken Link · cve@mitre.org
https://github.com/c10uds/tplink-wpa8630-rce-vulnerability
Broken Link · 134c704f-9b21-4f2e-91b3-4a467353bcc0