CVE-2023-31756

MEDIUM

TP-Link Archer VR1600V Firmware <= 0.1.0_0.9.1_v5006.0 - Authenticated OS Command Injection

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-31756. PoCs published by StanleyJobsonAU.

AI-analyzed exploit summary This is a functional exploit for CVE-2023-31756, targeting Archer V1/V2 routers. It leverages authenticated command injection via the WAN interface configuration to achieve remote code execution, defaulting to spawning a telnet shell.

Description

A command injection vulnerability exists in the administrative web portal in TP-Link Archer VR1600V devices running firmware Versions <= 0.1.0. 0.9.1 v5006.0 Build 220518 Rel.32480n which allows remote attackers, authenticated to the administrative web portal as an administrator user to open an operating system level shell via the 'X_TP_IfName' parameter.

Exploits (1)

nomisec WORKING POC 2 stars
by StanleyJobsonAU · poc
https://github.com/StanleyJobsonAU/LongBow

This is a functional exploit for CVE-2023-31756, targeting Archer V1/V2 routers. It leverages authenticated command injection via the WAN interface configuration to achieve remote code execution, defaulting to spawning a telnet shell.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: TP-Link Archer V1/V2 Routers
Auth required
Prerequisites: Valid JSESSIONID cookie from an authenticated session · Network access to the router's web interface
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1
Core References
Exploit, Technical Description, Third Party Advisory
https://stanleyjobsonau.github.io/tp-link-advisory.html

Scores

CVSS v3 6.7
EPSS 0.0176
EPSS Percentile 75.3%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-78
Status published
Products (1)
tp-link/archer_vr1600v_firmware < 0.1.0_0.9.1_v5006.0_build_200810_rel.53181n
Published May 19, 2023
Tracked Since Feb 18, 2026