TPG Community

Get online support

CVE-2024-21833 Security Vulnerability TP-Link

Level 2

I have recently received a TP-Link VX220-G2v router from TPG. The firmware seems to be old from 17th May 2022. The version of the router are:


Firmware Version: 2.0.0 0.9 v603c.0 Build 220517 Rel.49186n
Hardware Version: VX220-G2v v2.0 00000000

From what I understand, the TP-Link VX220-G2v is a TPG model based on the TP-Link AX1800 Dual-Band Wi-Fi 6 VDSL/ADSL Modem Router. In my research of this router I discovered that TP-Link is a Chinese company (raising memories of Huawei).


I also discovered a security vulnerability CVE-2024-21833 affecting TP-Link Routers (Archer & Deco). Does this vulnerability affect TPG's TP-Link VX220-G2v? If so, when will a patched version of the firmware be available and from where do I download it?


The vulnerability was discovered on 10th January 2024. The details of the vulnerability are below and sourced from CYFIRMA.


TP-LINK products, including the Archer and Deco series, are susceptible to exploitation by network-adjacent unauthenticated attackers, who have access to the product, allowing them to execute arbitrary OS commands. This vulnerability stems from insufficient sanitization of the country parameter in a write operation, enabling an unauthenticated attacker to exploit the flaw through a basic POST request.

Vulnerability Type: OS command injection vulnerabilities
CVE ID: CVE-2024-21833
CVSS Severity Score: 8.8 (HIGH)
Application: TP-Link Router
Impact: command injection vulnerabilities.
Severity: High
Affected Versions: The earliest affected version is Archer AX3000(JP)_V1_1.1.2 Build 20231115 0.2.0 and Deco XE200(JP)_V1_1.2.5 Build 20231120 more – 0.3.0, check here.
Patch Available: Yes


My Question again: Does Security Vulnerability CVE-2024-21833 affect TPG's TP-Link VX220-G2v?