9

CVE-2020-35576

A Command Injection issue in the traceroute feature on TP-Link TL-WR841N V13 (JP) with firmware versions prior to 201216 allows authenticated users to execute arbitrary code as root via shell metacharacters, a different vulnerability than CVE-2018-12577.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Tp-linkTl-wr841n Firmware Version < 201216
   Tp-linkTl-wr841n Versionv13
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 42.29% 0.985
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.8 2.8 5.9
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 9 8 10
AV:N/AC:L/Au:S/C:C/I:C/A:C
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

https://www.tp-link.com/us/security
Vendor Advisory
https://jvn.jp/en/vu/JVNVU92444096/
Patch
Third Party Advisory
https://www.tp-link.com/jp/support/download/tl-wr841n/v13/#Firmware
Patch
Vendor Advisory