CVE-2024-53375

HIGH EXPLOITED

TP-Link Archer Router Series - Authenticated Remote Code Execution via HomeShield tmp_get_sites Function

Title source: llm

Exploitation Summary

CVE-2024-53375 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 1 public exploit from researchers including ThottySploity.

AI-analyzed exploit summary This repository contains a functional exploit for CVE-2024-53375, an authenticated command injection vulnerability in TP-Link Archer series routers. The exploit leverages the /admin/smart_network?form=tmp_avira endpoint to execute arbitrary commands via the unsanitized 'ownerId' parameter.

Description

An Authenticated Remote Code Execution (RCE) vulnerability affects the TP-Link Archer router series. A vulnerability exists in the "tmp_get_sites" function of the HomeShield functionality provided by TP-Link. This vulnerability is still exploitable without the activation of the HomeShield functionality.

Exploits (1)

nomisec WORKING POC 16 stars

by ThottySploity · remote-auth

https://github.com/ThottySploity/CVE-2024-53375

View Code ZIP pw:eip

This repository contains a functional exploit for CVE-2024-53375, an authenticated command injection vulnerability in TP-Link Archer series routers. The exploit leverages the /admin/smart_network?form=tmp_avira endpoint to execute arbitrary commands via the unsanitized 'ownerId' parameter.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: TP-Link Archer series routers (e.g., Archer AXE75(EU)_V1_1.2.2)

Auth required

Prerequisites: Valid session token (stok) · Network access to the router's admin interface

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Various Sources

https://github.com/ThottySploity/CVE-2024-53375

Various Sources

https://thottysploity.github.io/posts/cve-2024-53375/

Scores

CVSS v3 8.0

EPSS 0.7066

EPSS Percentile 98.7%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

VulnCheck KEV 2025-11-26

CWE

CWE-78

Status published

Published Dec 02, 2024

Tracked Since Feb 18, 2026