CVE-2023-1389

HIGH 8.8

⚠️ CISA KEV

CVSS Score

8.8

EPSS Score

0.0%

EPSS Percentile

0th

TP-Link Archer AX21 (AX1800) firmware versions before 1.1.4 Build 20230219 contained a command injection vulnerability in the country form of the /cgi-bin/luci;stok=/locale endpoint on the web management interface. Specifically, the country parameter of the write operation was not sanitized before being used in a call to popen(), allowing an unauthenticated attacker to inject commands, which would be run as root, with a simple POST request.

Vendor	n/a
Product	tp-link archer ax21 (ax1800)
Published	Mar 15, 2023
Last Updated	Oct 21, 2025

⚠️ Actively Exploited — Act Now

Get instant alerts for n/a tp-link archer ax21 (ax1800)

This vulnerability is actively exploited in the wild. Set up free real-time alerts so you're first to know about threats like CVE-2023-1389.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

n/a / TP-Link Archer AX21 (AX1800)

All versions prior to version 1.14 Build 20230219

References

NVD ↗ CVE.org ↗ EPSS Data ↗

tenable.com: https://www.tenable.com/security/research/tra-2023-11 packetstormsecurity.com: http://packetstormsecurity.com/files/174131/TP-Link-Archer-AX21-Command-Injection.html cisa.gov: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-1389