Описание
TP-Link TL-WR841N ated_tp Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link TL-WR841N routers. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the ated_tp service. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21825.
Ссылки
- Third Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Одновременно
Одновременно
EPSS
7.5 High
CVSS3
8.8 High
CVSS3
Дефекты
Связанные уязвимости
TP-Link TL-WR841N ated_tp Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link TL-WR841N routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ated_tp service. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21825.
Уязвимость службы ated_tp микропрограммного обеспечения маршрутизаторов TP-Link TL-WR841N, позволяющая нарушителю выполнить произвольный код
EPSS
7.5 High
CVSS3
8.8 High
CVSS3