CVE-2024-53375

HIGH EXPLOITED

TP-Link Archer - Authenticated RCE

Title source: llm

Description

An Authenticated Remote Code Execution (RCE) vulnerability affects the TP-Link Archer router series. A vulnerability exists in the "tmp_get_sites" function of the HomeShield functionality provided by TP-Link. This vulnerability is still exploitable without the activation of the HomeShield functionality.

Exploits (1)

nomisec WORKING POC 16 stars

by ThottySploity · remote-auth

https://github.com/ThottySploity/CVE-2024-53375

View Code ZIP pw:eip

References (2)

[Various Sources] https://github.com/ThottySploity/CVE-2024-53375

[Various Sources] https://thottysploity.github.io/posts/cve-2024-53375/

Scores

CVSS v3 8.0

EPSS 0.7114

EPSS Percentile 98.7%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2025-11-26

CWE

CWE-78

Status published

Published Dec 02, 2024

Tracked Since Feb 18, 2026