exploitDog

CVE-2021-42232

Опубликовано: 23 авг. 2022

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

TP-Link Archer A7 Archer A7(US)_V5_210519 is affected by a command injection vulnerability in /usr/bin/tddp. The vulnerability is caused by the program taking part of the received data packet as part of the command. This will cause an attacker to execute arbitrary commands on the router.

Ссылки

http://archer.com
Not Applicable
http://tp-link.com
Vendor Advisory
https://github.com/mQaLeX/IoT/blob/main/tp-link/Archer%20A7%28US%29_V5_20519_tddp.md
http://archer.com
Not Applicable
http://tp-link.com
Vendor Advisory
https://github.com/mQaLeX/IoT/blob/main/tp-link/Archer%20A7%28US%29_V5_20519_tddp.md

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:tp-link:archer_a7_firmware:210519:*:*:*:*:*:*:*

cpe:2.3:h:tp-link:archer_a7:v5:*:*:*:*:*:*:*

EPSS

Процентиль: 90%

0.05568

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-78

Связанные уязвимости

GHSA-7jqw-x96f-m5vv

CVSS3: 9.8

github

больше 3 лет назад

TP-Link Archer A7 Archer A7(US)_V5_210519 is affected by a command injection vulnerability in /usr/bin/tddp. The vulnerability is caused by the program taking part of the received data packet as part of the command. This will cause an attacker to execute arbitrary commands on the router.

EPSS

Процентиль: 90%

0.05568

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-78