AX3000 HW Version 2 - No CVE security updates since 2023
There has been report CVE concerns with the AX3000 router but no updates from TP-LINK. Has TP-LINK stop supporting this model?
CVE-2024-21773
CVE-2024-21821
CVE-2024-21833
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
The CVEs you linked appear to be specifically related to specific hardware versions from Japan with the (JP) identifier. As the devices are non-US it is not something we have information for, however, of the models that I did take a look at, they were all updated to a version outside the bounds of the CVE. If you want to confirm, make sure you are navigating the firmware pages from the correct region(/jp/), and verifying the hardware versions reported in the CVEs.
As for updates, while the Archer AX3000 has not received an update in a while, it is still well supported with many of the latest features. If there is a specific feature missing, we would be more than happy to field the request to the teams.
The AX3000 does not currently appear on our End of Life List, so it should still be eligible for updates: TP-Link End of Life Products.
As for updates regarding CVEs, you can find a list of our security advisories, along with the process for how we handle these reports here: TP-Link - Security Advisory
- Copy Link
- Report Inappropriate Content
@Riley_s Appreciate the reply. The Japan firmware/Hardware is different than the US firmware/Hardware is important fact I missed.
Some information on these CVEs
CVE-2024-21773 2024-01-10
CVE-2024-21821 2024-01-10
CVE-2024-21833 2024-01-10
Note: affected at firmware versions prior to "Archer AX3000(JP)_V1_1.1.2 Build 20231115"Although firmware was released before these CVEs it resolves these issues
Nice to know that this router is still supported and not EOL and that these CVEs although not for US models were still mitigated w/ firmware update.
- Copy Link
- Report Inappropriate Content
Information
Helpful: 0
Views: 43
Replies: 2
Voters 0
No one has voted for it yet.