CVE-2024-57357
Published: 07 February 2025
Summary
CVE-2024-57357 is a high-severity OS Command Injection (CWE-78) vulnerability in Tp-Link Tl-Wpa8630 Firmware. Its CVSS base score is 8.0 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 6.0% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2024-57357 is a command-injection vulnerability in the TP-Link TL-WPA8630 (US) V2 powerline Wi-Fi extender running firmware version 2.0.4 Build 20230427. The flaw resides in function sub_4256CC and permits an attacker to inject the parameter 'devpwd', resulting in execution of arbitrary operating-system commands. It is tracked under CWE-78 and carries a CVSS 3.1 base score of 8.0.
An attacker with adjacent-network access and low privileges can remotely trigger the injection without user interaction, obtaining full control over the affected device and thereby compromising its confidentiality, integrity, and availability.
Public proof-of-concept material is available in the referenced GitHub repository. The EPSS score rose from a low baseline to a peak of 0.2058 before settling at the current value of 0.1220, indicating that exploitation interest increased after disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-53566
Vulnerability details
An issue in TPLINK TL-WPA 8630 TL-WPA8630(US)_V2_2.0.4 Build 20230427 allows a remote attacker to execute arbitrary code via function sub_4256CC, which allows command injection by injecting 'devpwd'.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Command injection in network device firmware directly enables remote exploitation of the device's web/management interface (T1190) and arbitrary command execution via Unix shell (T1059.004).
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly prevents command injection vulnerability by enforcing input validation and error handling on the 'devpwd' parameter in function sub_4256CC.
Remediates the specific firmware flaw enabling remote code execution through timely identification and patching.
Mitigates the adjacent network access vector (AV:A) required for low-privilege exploitation by controlling communications at network boundaries.