CVE-2020-35576: TP-Link TL-WR841N V13 (JP) vulnerable to OS command injection

A Command Injection issue in the traceroute feature on TP-Link TL-WR841N V13 (JP) with firmware versions prior to 201216 allows authenticated users to execute arbitrary code as root via shell metacharacters, a different vulnerability than CVE-2018-12577.

Published: 2021/01/22
Last Updated: 2021/01/22

Overview

TP-Link TL-WR841N V13 (JP) is vulnerable to OS command injection.

Products Affected

  • TL-WR841N V13 (JP) with firmware versions prior to 201216

Description

TP-Link TL-WR841N is a Wi-Fi router for home networks.
Firmware version 161028 for hardware version V13 (JP) is reported to be vulnerable to OS command injection (CWE-78).

According to the vendor, the firmware for hardware version V14 (JP) is not affected.
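
An added illustration of the CWE-78 pattern behind a traceroute-style diagnostic, not the TP-Link firmware's code (which this page does not show): the C code below validates the target and passes it to the program as a single argv element, so no shell ever parses it. The function names and the `traceroute` binary name are assumptions.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Weak pattern (CWE-78): the target is pasted into a shell command line,
 *   snprintf(cmd, sizeof cmd, "traceroute %s", target); system(cmd);
 * so the shell interprets any metacharacters the target contains. */

/* Return 1 only for a hostname or IPv4 literal: dot-separated labels of
 * [A-Za-z0-9-], each 1..63 chars and not starting with '-', 253 chars max. */
int is_safe_target(const char *target)
{
    size_t i, len, label_len = 0;

    if (target == NULL || (len = strlen(target)) == 0 || len > 253)
        return 0;
    for (i = 0; i < len; i++) {
        unsigned char c = (unsigned char)target[i];
        if (c == '.') {
            if (label_len == 0)         /* empty label: ".a" or "a..b" */
                return 0;
            label_len = 0;
        } else if (isalnum(c) || (c == '-' && label_len > 0)) {
            if (++label_len > 63)
                return 0;
        } else {
            return 0;                   /* space, ; | & $ ` and the rest */
        }
    }
    return label_len > 0;               /* a trailing dot is rejected too */
}

/* Fill an argv for execv(): the target stays one argument and is never
 * re-parsed as a command line. Returns 0 on success, -1 if rejected. */
int build_traceroute_argv(const char *target, const char *argv[3])
{
    if (!is_safe_target(target))
        return -1;
    argv[0] = "traceroute";             /* assumed binary name */
    argv[1] = target;
    argv[2] = NULL;
    return 0;
}

int main(int argc, char **argv)
{
    const char *tr_argv[3];
    int ok = argc > 1 && build_traceroute_argv(argv[1], tr_argv) == 0;
    puts(ok ? "accepted" : "rejected");
    return ok ? 0 : 1;
}
```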

Impact

Any user who can log in to the web interface of the product may execute arbitrary OS commands.

Solution

Update the Firmware
Update to the latest version of the firmware according to the information provided by the developer.

The developer has released the firmware version 201216 to fix this vulnerability.

Vendor Status

References

  1. Isopach’s blog
    TP-Link TL-WR841N Command Injection Exploit (CVE-2020-35576)

JPCERT/CC Addendum

Vulnerability Analysis by JPCERT/CC

CVSS v3: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): High (H)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality Impact (C): High (H)
  • Integrity Impact (I): High (H)
  • Availability Impact (A): High (H)

CVSS v2: AV:N/AC:M/Au:S/C:C/I:C/A:C

  • Access Vector (AV): Network (N)
  • Access Complexity (AC): Medium (M)
  • Authentication (Au): Single (S)
  • Confidentiality Impact (C): Complete (C)
  • Integrity Impact (I): Complete (C)
  • Availability Impact (A): Complete (C)

Credit

Koh You Liang of 3-shake Inc. reported this vulnerability to the developer and JPCERT/CC.

Other Information

  • CVE: CVE-2020-35576
