Cyber Resilience

CVE-2024-57357

High

Published: 07 February 2025

Published
07 February 2025
Modified
03 July 2025
KEV Added
Patch
CVSS Score v3.1 8.0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.1220 94.0th percentile
Risk Priority 23 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-57357 is a high-severity OS Command Injection (CWE-78) vulnerability in Tp-Link Tl-Wpa8630 Firmware. Its CVSS base score is 8.0 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 6.0% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2024-57357 is a command-injection vulnerability in the TP-Link TL-WPA8630 (US) V2 powerline Wi-Fi extender running firmware version 2.0.4 Build 20230427. The flaw resides in function sub_4256CC and permits an attacker to inject the parameter 'devpwd', resulting in execution of arbitrary operating-system commands. It is tracked under CWE-78 and carries a CVSS 3.1 base score of 8.0.

An attacker with adjacent-network access and low privileges can remotely trigger the injection without user interaction, obtaining full control over the affected device and thereby compromising its confidentiality, integrity, and availability.

Public proof-of-concept material is available in the referenced GitHub repository. The EPSS score rose from a low baseline to a peak of 0.2058 before settling at the current value of 0.1220, indicating that exploitation interest increased after disclosure.

EU & UK References

Vulnerability details

An issue in TPLINK TL-WPA 8630 TL-WPA8630(US)_V2_2.0.4 Build 20230427 allows a remote attacker to execute arbitrary code via function sub_4256CC, which allows command injection by injecting 'devpwd'.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1059.004 Unix Shell Execution
Adversaries may abuse Unix shell commands and scripts for execution.
Why these techniques?

Command injection in network device firmware directly enables remote exploitation of the device's web/management interface (T1190) and arbitrary command execution via Unix shell (T1059.004).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-22225Same vendor: Tp-Link
CVE-2026-0654Same vendor: Tp-Link
CVE-2025-9377Same vendor: Tp-Link
CVE-2026-30818Same vendor: Tp-Link
CVE-2026-0630Same vendor: Tp-Link
CVE-2026-0652Same vendor: Tp-Link
CVE-2026-22227Same vendor: Tp-Link
CVE-2026-22226Same vendor: Tp-Link
CVE-2025-6542Same vendor: Tp-Link
CVE-2026-3227Same vendor: Tp-Link

Affected Assets

tp-link
tl-wpa8630 firmware
2.0.4

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly prevents command injection vulnerability by enforcing input validation and error handling on the 'devpwd' parameter in function sub_4256CC.

prevent

Remediates the specific firmware flaw enabling remote code execution through timely identification and patching.

prevent

Mitigates the adjacent network access vector (AV:A) required for low-privilege exploitation by controlling communications at network boundaries.

References