CVE-2020-9374

CRITICAL

9.8

Description

On TP-Link TL-WR849N 0.9.1 4.16 devices, a remote command execution vulnerability in the diagnostics area can be exploited when an attacker sends specific shell metacharacters to the panel's traceroute feature.

CVE Details

CVSS v3.1 Score9.8

SeverityCRITICAL

CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack VectorNETWORK

ComplexityLOW

Privileges RequiredNONE

User InteractionNONE

Published2/24/2020

Last Modified11/21/2024

Sourcenvd

Honeypot Sightings0

Affected Products

tp-link:tl-wr849ntp-link:tl-wr849n_firmware

Weaknesses (CWE)

CWE-78

References

http://packetstormsecurity.com/files/156584/TP-Link-TL-WR849N-Remote-Code-Execution.html(cve@mitre.org)

https://fireshellsecurity.team/hack-n-routers/(cve@mitre.org)

https://github.com/ElberTavares/routers-exploit/tree/master/tp-link(cve@mitre.org)

http://packetstormsecurity.com/files/156584/TP-Link-TL-WR849N-Remote-Code-Execution.html(af854a3a-2127-422b-91ae-364da2661108)

https://fireshellsecurity.team/hack-n-routers/(af854a3a-2127-422b-91ae-364da2661108)

https://github.com/ElberTavares/routers-exploit/tree/master/tp-link(af854a3a-2127-422b-91ae-364da2661108)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.