Affected Vendors This Week
- Cisco: 3 CVEs (all medium severity)
- TP-Link: 1 CVE (high severity)
- OpenWrt: 1 CVE (medium severity)
Overview
This week brings a modest but important set of five router and network device vulnerabilities, highlighted by one high-severity remote code execution flaw in TP-Link's popular Archer AX21 WiFi 6 router. The remaining four CVEs are medium-severity XSS issues affecting Cisco and OpenWrt platforms. While the volume is lower than typical weeks, administrators should prioritize the TP-Link patch immediately.
High-Severity Vulnerabilities
TP-Link Archer AX21 Remote Code Execution (CVE-2023-28760, CVSS 7.5)
This is the most critical vulnerability this week. TP-Link AX1800 WiFi 6 Router devices (Archer AX21) allow unauthenticated attackers on the local network (LAN) to execute arbitrary code as root via the db_dir field in minidlnad. An attacker with LAN access could escalate privileges and gain complete control of the router. Action: Check for available firmware updates for Archer AX21 immediately. If your organization uses this model, prioritize this patch.
Medium-Severity Vulnerabilities
Cisco Cyber Vision Center XSS Issues (CVE-2025-20357 and CVE-2025-20356, both CVSS 5.4)
Two separate reflected XSS vulnerabilities in Cisco Cyber Vision Center's web-based management interface allow authenticated remote attackers to execute arbitrary JavaScript in users' browsers. These require attacker authentication and user interaction but could facilitate credential theft or lateral movement. Apply vendor patches when available.
Cisco Unified Communications Manager XSS (CVE-2025-20361, CVSS 4.8)
Another XSS vulnerability, this one affecting Unified CM and Unified CM SME, poses similar risks in the management interface. Enterprises running Cisco collaboration platforms should review Cisco's security advisories for patch availability.
OpenWrt Luci Reflected XSS (CVE-2025-57389, CVSS 5.4)
The /admin/system/packages endpoint in Luci OpenWrt v18.06.2 contains a reflected XSS vulnerability that allows attackers to execute arbitrary JavaScript. Users of custom or open-source OpenWrt deployments should ensure their installations are up to date and consider upgrading from v18.06.2 if possible.