TP-Link AX1800 WiFi 6 Router (Archer AX21) devices allow unauthenticated attackers (on the LAN) to execute arbitrary code as root via the db_dir field to minidlnad. The attacker obtains the ability to modify files.db, and that can be used to reach a stack-based buffer overflow in minidlna-1.1.2/upnpsoap.c. Exploitation requires that a USB flash drive is connected to the router (customers often do this to make a \\192.168.0.1 share available on their local network).

Metrics

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

No data.

No data.

No data.

No data.

References
Link Providers
https://gist.github.com/stevenseeley/0822b66e375cd44ecaee3f047962db62 cve-icon cve-icon
https://www.tecsecurity.io/blog/tp-link_ax1800 cve-icon cve-icon
History

Thu, 02 Oct 2025 13:45:00 +0000

Type Values Removed Values Added
Description TP-Link AX1800 WiFi 6 Router (Archer AX21) devices allow unauthenticated attackers (on the LAN) to execute arbitrary code as root via the db_dir field to minidlnad. The attacker obtains the ability to modify files.db, and that can be used to reach a stack-based buffer overflow in minidlna-1.1.2/upnpsoap.c. Exploitation requires that a USB flash drive is connected to the router (customers often do this to make a \\192.168.0.1 share available on their local network).
References
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2025-10-02T13:20:50.021Z

Reserved: 2023-03-23T00:00:00.000Z

Link: CVE-2023-28760

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2025-10-02T14:15:41.870

Modified: 2025-10-02T14:15:41.870

Link: CVE-2023-28760

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.